smokeloader | 00aad890b4555d4c2dafc44349e2a865bb2aa2279e6a79fa6d9a731c5eb27c7c | Triage

Sharing

General

Target

00aad890b4555d4c2dafc44349e2a865bb2aa2279e6a79fa6d9a731c5eb27c7c
Size

94KB
Sample

241107-lplgmszgkl
MD5

40b842b243b541f1b334e2ce2de4134d
SHA1

fb86ab3c4dd40a3af44df67d1c1f0dd3d173a35d
SHA256

00aad890b4555d4c2dafc44349e2a865bb2aa2279e6a79fa6d9a731c5eb27c7c
SHA512

25df3f6d72e41526d655fe7c98d15fbfe3e57d4708c61dcf1c102bfb926c3d8ea8760dc30ec1d1df84545f2786e5c0ee1bdc1cf46ccb4953e73673948d487f79
SSDEEP

1536:b8iyska6DE/oXJtzpge8+ImC6SDSj3Ev97r15titB5eLdz68LbeyFnhA0DRkO5Bx:bXys36WoXJtzpge8+IZA3Ev9rVc5escd

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  4e4ef2d77a6dce6e6ba4c8c0618f0f0b7f26a1152762e0315a36740b39da074b
- Size
  
  159KB
- MD5
  
  be84bafddfecc4a70b832603d7f7c634
- SHA1
  
  8211b6f53f6f9b46363f90878276ae64425e1aeb
- SHA256
  
  4e4ef2d77a6dce6e6ba4c8c0618f0f0b7f26a1152762e0315a36740b39da074b
- SHA512
  
  d0302ca7fd7cec5454fd07220c307604d0a7ab1247ba4c8317ba4ae1f4ee48e7c387715bcfac5c9f4ebe568ee193e958f8d0d125998782fc2dcf57bb8e72fc54
- SSDEEP
  
  1536:vRaI0FrCwSstxOZpayvZimvbPfLaF/iRjt8FXCZLuc/JLHpg6OXDDqyCERaSbL1u:ZO6sj8pvvjfLhOXULJDwX/qybVbL1u
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan