smokeloader | 9e7f42f90277ce4e5679e4b47e3a55f83aeb439ce9db1830a2dcb8150757b262 | Triage

Sharing

General

Target

9e7f42f90277ce4e5679e4b47e3a55f83aeb439ce9db1830a2dcb8150757b262
Size

237KB
Sample

241108-cf5dqasglf
MD5

51a33cc249def406e27cf2f8c6034bd1
SHA1

89799a76f46e3272ea01ee2b9a432fbe0e2dc5f8
SHA256

9e7f42f90277ce4e5679e4b47e3a55f83aeb439ce9db1830a2dcb8150757b262
SHA512

a1737c941d16829a97c17e8185de609b16881a6fbf88c4011a24bd29c73f6a3e3c82bf1f224dd918ebc6cd99910bcd4358d9cfaddc7690ad13450234f2986f8c
SSDEEP

3072:1O99S8yFCm6Bd53pjptMwPeqDTTgfjDjYjVjE7IxSpe/pL1i2yBpkjcFfFwH2FoO:1OePF/cDpt5eUTsHsphLxstWmpranLd

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  9e7f42f90277ce4e5679e4b47e3a55f83aeb439ce9db1830a2dcb8150757b262
- Size
  
  237KB
- MD5
  
  51a33cc249def406e27cf2f8c6034bd1
- SHA1
  
  89799a76f46e3272ea01ee2b9a432fbe0e2dc5f8
- SHA256
  
  9e7f42f90277ce4e5679e4b47e3a55f83aeb439ce9db1830a2dcb8150757b262
- SHA512
  
  a1737c941d16829a97c17e8185de609b16881a6fbf88c4011a24bd29c73f6a3e3c82bf1f224dd918ebc6cd99910bcd4358d9cfaddc7690ad13450234f2986f8c
- SSDEEP
  
  3072:1O99S8yFCm6Bd53pjptMwPeqDTTgfjDjYjVjE7IxSpe/pL1i2yBpkjcFfFwH2FoO:1OePF/cDpt5eUTsHsphLxstWmpranLd
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan