smokeloader | 489f048e927e8cbac95c2960e08b5cb92bc66984709b3d0e63a06fd27e2a9fad | Triage

Sharing

General

Target

489f048e927e8cbac95c2960e08b5cb92bc66984709b3d0e63a06fd27e2a9fad
Size

96KB
Sample

241106-3l8anszhpa
MD5

1e74ab6c8bec6bcef1f07bd29898b831
SHA1

6459b50adea6012e5b0f3e9b65816a117c6e7f28
SHA256

489f048e927e8cbac95c2960e08b5cb92bc66984709b3d0e63a06fd27e2a9fad
SHA512

2dd9d2d67daf918ceba8609e45efe20eba3d4eb71b878208b166a81bd368970338a0fc255ec3f0ec0a1eebf95507890fccaf7d50e9e23794388db39a6da5377b
SSDEEP

1536:3fqalz4mBjVdk0CB4PbkkF9v0PFLJA5unjaAI3SCA+dvIhcZlJkA:311BjqSbF9v0PUujIndLDJ

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  01422262448b27babd6704091eef95ad.bin
- Size
  
  149KB
- MD5
  
  01422262448b27babd6704091eef95ad
- SHA1
  
  ad336b735ad99c7566f461f94a83899ae3353f41
- SHA256
  
  f6a8aa29264495625e7a74ada5f3a792c06c3f9ef472e01c4761bed7d1e4ff96
- SHA512
  
  f3ff4166f872c4673f5d95d8246eae325ae9643e14a24c4ebd5095961d2a129bab527abd912117efc8397f6393cef4652b9a13a441d4487d2fa82adbb0dc545f
- SSDEEP
  
  3072:5DAJLBmMqNL0OT4iv5m/ddddJWrFZmedNizgFnLmG:2LBmb0OT85Wr7FNAgFnL
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan