smokeloader | a5abd9bf3f7d64920e664294bdb09eaf8ef049a3f6001c4429c0ab05e12378d1 | Triage

Sharing

General

Target

a5abd9bf3f7d64920e664294bdb09eaf8ef049a3f6001c4429c0ab05e12378d1
Size

211KB
Sample

241106-y8lyqsxcna
MD5

bb976fdd50ef7af2b720ce08ef62e082
SHA1

1d8ef0f91941d95bbd4b9d3b067069ed7d7cee58
SHA256

a5abd9bf3f7d64920e664294bdb09eaf8ef049a3f6001c4429c0ab05e12378d1
SHA512

db3fb31012c48e375f313b78bfa29a3409106a9a17eacff4e5b1b214ccc319ac6bbbf1072f0dd6e4fb9e798b9b112568ddd1a0c9c89bc5af01ee1d96500d3896
SSDEEP

3072:dbWoSdUCtu9MUy4xk2Q5Jco4RxJEPSvnARgYzbHOAg0FujDY5sS86WV1+HGfz6FG:dqogFu6U3xkxaRHEF+AOj9PVTfz6hXC

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  a5abd9bf3f7d64920e664294bdb09eaf8ef049a3f6001c4429c0ab05e12378d1
- Size
  
  211KB
- MD5
  
  bb976fdd50ef7af2b720ce08ef62e082
- SHA1
  
  1d8ef0f91941d95bbd4b9d3b067069ed7d7cee58
- SHA256
  
  a5abd9bf3f7d64920e664294bdb09eaf8ef049a3f6001c4429c0ab05e12378d1
- SHA512
  
  db3fb31012c48e375f313b78bfa29a3409106a9a17eacff4e5b1b214ccc319ac6bbbf1072f0dd6e4fb9e798b9b112568ddd1a0c9c89bc5af01ee1d96500d3896
- SSDEEP
  
  3072:dbWoSdUCtu9MUy4xk2Q5Jco4RxJEPSvnARgYzbHOAg0FujDY5sS86WV1+HGfz6FG:dqogFu6U3xkxaRHEF+AOj9PVTfz6hXC
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan