smokeloader | 9516b861061312f15bff3b04daa9e73f4db2d65f193e2ead7b377b59ce3fd86e | Triage

Sharing

General

Target

9516b861061312f15bff3b04daa9e73f4db2d65f193e2ead7b377b59ce3fd86e
Size

219KB
Sample

241107-g4pemazlbm
MD5

3a9bc7733a4e0f7196f07a7f310654fc
SHA1

2e94109eb4b0e237ac8906ce3ade510a0509d61f
SHA256

9516b861061312f15bff3b04daa9e73f4db2d65f193e2ead7b377b59ce3fd86e
SHA512

9acbb4f64e4bbffb886ede354384b4945eae8d195e345c02c8e1eeab76a32e90805835ed4d5bff37f15dd5465c7e7c241ece5ec524f7bb56afccfd3331ebff03
SSDEEP

3072:CedL4vqr5kIwIFOl8I4B7yXj5+ZolWrxpzbgqruXhs7sxkgaBChUDt2:CedLrkJIIYBeQWuzbgwu6Qiga0

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  9516b861061312f15bff3b04daa9e73f4db2d65f193e2ead7b377b59ce3fd86e
- Size
  
  219KB
- MD5
  
  3a9bc7733a4e0f7196f07a7f310654fc
- SHA1
  
  2e94109eb4b0e237ac8906ce3ade510a0509d61f
- SHA256
  
  9516b861061312f15bff3b04daa9e73f4db2d65f193e2ead7b377b59ce3fd86e
- SHA512
  
  9acbb4f64e4bbffb886ede354384b4945eae8d195e345c02c8e1eeab76a32e90805835ed4d5bff37f15dd5465c7e7c241ece5ec524f7bb56afccfd3331ebff03
- SSDEEP
  
  3072:CedL4vqr5kIwIFOl8I4B7yXj5+ZolWrxpzbgqruXhs7sxkgaBChUDt2:CedLrkJIIYBeQWuzbgwu6Qiga0
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan