smokeloader | 85eb01aa1b07ba7f2e6c0b5e6f9722456d3a26c93a981a636e71948c17149171 | Triage

Sharing

General

Target

85eb01aa1b07ba7f2e6c0b5e6f9722456d3a26c93a981a636e71948c17149171
Size

265KB
Sample

241105-py7ysasbpr
MD5

386a3a0b43c69504d6d67667de4b86a9
SHA1

bb4c143521f97766ace6e0255abe10ba64f52dfc
SHA256

85eb01aa1b07ba7f2e6c0b5e6f9722456d3a26c93a981a636e71948c17149171
SHA512

028203a526774d5384eb50d1c073fd9fbf8125b0e483addb1cb711c3a12bdc4962a04fe6c68725beeadf1fe19342f08538d1e50fdbe2f2e443c5b058f659a093
SSDEEP

6144:FLmnFd+RdO+wLKZae5A5V7AIPNJDqjSgLSO:qD+RdO+zZa6AhPNCn

Score

10^/10

smokeloader 7777 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

7777

Targets

- Target
  
  85eb01aa1b07ba7f2e6c0b5e6f9722456d3a26c93a981a636e71948c17149171
- Size
  
  265KB
- MD5
  
  386a3a0b43c69504d6d67667de4b86a9
- SHA1
  
  bb4c143521f97766ace6e0255abe10ba64f52dfc
- SHA256
  
  85eb01aa1b07ba7f2e6c0b5e6f9722456d3a26c93a981a636e71948c17149171
- SHA512
  
  028203a526774d5384eb50d1c073fd9fbf8125b0e483addb1cb711c3a12bdc4962a04fe6c68725beeadf1fe19342f08538d1e50fdbe2f2e443c5b058f659a093
- SSDEEP
  
  6144:FLmnFd+RdO+wLKZae5A5V7AIPNJDqjSgLSO:qD+RdO+zZa6AhPNCn
Score

10^/10

smokeloader 7777 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader7777backdoordiscoverytrojan

behavioral2

smokeloader7777backdoordiscoverytrojan