smokeloader | 05d2f1e42b572e19503120cf5da0f96bca94c6ab96021b02013a8e6bc6e59f4d | Triage

Sharing

General

Target

05d2f1e42b572e19503120cf5da0f96bca94c6ab96021b02013a8e6bc6e59f4d
Size

273KB
Sample

241108-l3amaszkfw
MD5

39a900a37dfdb579c970ac7b88c9edad
SHA1

b2464c3b3661d3909b6574225204c4a41d7d66e0
SHA256

05d2f1e42b572e19503120cf5da0f96bca94c6ab96021b02013a8e6bc6e59f4d
SHA512

af3e567cbb60bd1cf6dfe289baf84de4738f811a4de069168d9191da390bd2425fc17a8c6369849709fdd65dba65ec1d7d4c97ac61408b407ae65639dc94bcc2
SSDEEP

3072:RpTl8F8fejCNpVsYWJZYIDx9pJi8dKgMXUaFv1gxo6XrcNm7QM3u56VO:HxJfdVMsIVN67v1r8cPMZY

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  05d2f1e42b572e19503120cf5da0f96bca94c6ab96021b02013a8e6bc6e59f4d
- Size
  
  273KB
- MD5
  
  39a900a37dfdb579c970ac7b88c9edad
- SHA1
  
  b2464c3b3661d3909b6574225204c4a41d7d66e0
- SHA256
  
  05d2f1e42b572e19503120cf5da0f96bca94c6ab96021b02013a8e6bc6e59f4d
- SHA512
  
  af3e567cbb60bd1cf6dfe289baf84de4738f811a4de069168d9191da390bd2425fc17a8c6369849709fdd65dba65ec1d7d4c97ac61408b407ae65639dc94bcc2
- SSDEEP
  
  3072:RpTl8F8fejCNpVsYWJZYIDx9pJi8dKgMXUaFv1gxo6XrcNm7QM3u56VO:HxJfdVMsIVN67v1r8cPMZY
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan