smokeloader | e81ebe8ff8ef850de362076938a8ad0960b6dc19d58cc9352fb7f8cf6805eeb3 | Triage

Sharing

General

Target

e81ebe8ff8ef850de362076938a8ad0960b6dc19d58cc9352fb7f8cf6805eeb3
Size

249KB
Sample

241105-hde9pswkcv
MD5

8291e30b300570f52b721d6a54b1c9a2
SHA1

3c603dcb87c89cf016f1ec48274fa502d25e4275
SHA256

e81ebe8ff8ef850de362076938a8ad0960b6dc19d58cc9352fb7f8cf6805eeb3
SHA512

a7ac165c84f5e09ef6f24cbcfc5620aee6ffcccf2b0c434f4f0a7d4c33ec0538fd6fe5815a6d198ae5fdf7c31925ababd9fe4bcba246c8ed06804214fe4efedb
SSDEEP

3072:crReeUdzW8puBuOhLl1JiXDFg9cJxjcMeAi0s8kqJ88URk:kkeUdcIOhL+qKjc3ilP

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  e81ebe8ff8ef850de362076938a8ad0960b6dc19d58cc9352fb7f8cf6805eeb3
- Size
  
  249KB
- MD5
  
  8291e30b300570f52b721d6a54b1c9a2
- SHA1
  
  3c603dcb87c89cf016f1ec48274fa502d25e4275
- SHA256
  
  e81ebe8ff8ef850de362076938a8ad0960b6dc19d58cc9352fb7f8cf6805eeb3
- SHA512
  
  a7ac165c84f5e09ef6f24cbcfc5620aee6ffcccf2b0c434f4f0a7d4c33ec0538fd6fe5815a6d198ae5fdf7c31925ababd9fe4bcba246c8ed06804214fe4efedb
- SSDEEP
  
  3072:crReeUdzW8puBuOhLl1JiXDFg9cJxjcMeAi0s8kqJ88URk:kkeUdcIOhL+qKjc3ilP
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan