smokeloader | 069b72f63213700ec54cced47b46ae6db1634f807ef2caeb1b2d7b2932708857 | Triage

Sharing

General

Target

069b72f63213700ec54cced47b46ae6db1634f807ef2caeb1b2d7b2932708857
Size

172KB
Sample

241108-3bzksavldq
MD5

097915463dcf192fdbca34df7a5441d5
SHA1

9222ed80cc82240b45616f259408e671d7fd9398
SHA256

069b72f63213700ec54cced47b46ae6db1634f807ef2caeb1b2d7b2932708857
SHA512

f4e8f5ad108018aca6cdeed729e87de742e8acc9d681be1821b46781eef7a429c85829ceff09786493cd5611ca4b9cd52caa7cc2b76f63ca5f520e79aa384db3
SSDEEP

3072:mFtz+L7WbyNQhYq6MONgXbGk8YI0HBhxJF4XL+D2iPtIN+n35wl08vUpC:YcnpuhYqdOCrGklI0fPF4Xw2iP/npc0Q

Score

10^/10

smokeloader 2210 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

2210

Targets

- Target
  
  idjvgwd.bin
- Size
  
  1.2MB
- MD5
  
  ea0e8e6b849a09e27aed632bda488d8c
- SHA1
  
  de4a5e2aa40a3593090247d14cd5d01f1ae30450
- SHA256
  
  b10cba4d61edc00dbf593421ccf9b3eafd5e4a50d8049f6a36030a398da01e15
- SHA512
  
  acbbe334f8e0d9e2a7054582699d8aa40d61f877d49b3b37875182970e641b4287f020dafb2f8f46576fec6616800be3e7706bbccb4d43b3b74f468530ae49bd
- SSDEEP
  
  3072:zBN4vl/J5yf3hVx7jDM63Pg2JiVbF4381uugHymX371ZafBWvrBQ8CAsOwhWhoO:9YdyfRVx4+Ye38IuANZZaf0Q8+O0W
Score

10^/10

smokeloader 2210 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader2210backdoordiscoverytrojan

behavioral2

smokeloader2210backdoordiscoverytrojan