smokeloader | 0beab1a83fa5d19444fa91c1e36f7ecdfa12ed947abb9b7cc91ec07cd658d6a1 | Triage

Sharing

General

Target

0beab1a83fa5d19444fa91c1e36f7ecdfa12ed947abb9b7cc91ec07cd658d6a1
Size

331KB
Sample

241105-p5axma1jdw
MD5

2d169f8b4305ef8c8748aaca4a15165e
SHA1

8afd9276d05cadb9ad3ab970144c171b3c5145c3
SHA256

0beab1a83fa5d19444fa91c1e36f7ecdfa12ed947abb9b7cc91ec07cd658d6a1
SHA512

41b05f084f3e6963f2977da989a9aff56867d23be1a8ee0226c04ee6097565f03cf3ccf18cda79b92f0f696035b85bb742b236f81bfb2c9a58425e05e89245fa
SSDEEP

3072:PmA0hygQXsCV0JzYHAw6fVCoB2yTvzGljspzN0kBlWQAKtq0lNPC534Ecvcl0Jtd:P3YN/BNzG9s1ZBsQDLlNK5IrjJxT3M

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  0beab1a83fa5d19444fa91c1e36f7ecdfa12ed947abb9b7cc91ec07cd658d6a1
- Size
  
  331KB
- MD5
  
  2d169f8b4305ef8c8748aaca4a15165e
- SHA1
  
  8afd9276d05cadb9ad3ab970144c171b3c5145c3
- SHA256
  
  0beab1a83fa5d19444fa91c1e36f7ecdfa12ed947abb9b7cc91ec07cd658d6a1
- SHA512
  
  41b05f084f3e6963f2977da989a9aff56867d23be1a8ee0226c04ee6097565f03cf3ccf18cda79b92f0f696035b85bb742b236f81bfb2c9a58425e05e89245fa
- SSDEEP
  
  3072:PmA0hygQXsCV0JzYHAw6fVCoB2yTvzGljspzN0kBlWQAKtq0lNPC534Ecvcl0Jtd:P3YN/BNzG9s1ZBsQDLlNK5IrjJxT3M
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan