smokeloader | f6dbbdebe3b9e22d4ca07158b4c0a6b4b840593afeb6392f9942c27d66d8a9ff | Triage

Sharing

General

Target

f6dbbdebe3b9e22d4ca07158b4c0a6b4b840593afeb6392f9942c27d66d8a9ff
Size

324KB
Sample

241108-lmgexayret
MD5

ae116a7b24b9a47f81c09b9c7ed1bfae
SHA1

9a02723281cb8bb32746aa726f267e505262ed08
SHA256

f6dbbdebe3b9e22d4ca07158b4c0a6b4b840593afeb6392f9942c27d66d8a9ff
SHA512

ef3dece063cf2e0ff8b9778968869c885b4ad852b212c5b5f4eed054f636b3a2a73a3db5da87e34d9823055071a5f8657fb42117cc6aeeba3b0870d5c7ba96f5
SSDEEP

6144:ErYOO97dAJI9FNbZ+A7shI3qkuAa6SKtR:8tO9CJI9FNbZ+A7sI3qEa6SI

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  f6dbbdebe3b9e22d4ca07158b4c0a6b4b840593afeb6392f9942c27d66d8a9ff
- Size
  
  324KB
- MD5
  
  ae116a7b24b9a47f81c09b9c7ed1bfae
- SHA1
  
  9a02723281cb8bb32746aa726f267e505262ed08
- SHA256
  
  f6dbbdebe3b9e22d4ca07158b4c0a6b4b840593afeb6392f9942c27d66d8a9ff
- SHA512
  
  ef3dece063cf2e0ff8b9778968869c885b4ad852b212c5b5f4eed054f636b3a2a73a3db5da87e34d9823055071a5f8657fb42117cc6aeeba3b0870d5c7ba96f5
- SSDEEP
  
  6144:ErYOO97dAJI9FNbZ+A7shI3qkuAa6SKtR:8tO9CJI9FNbZ+A7sI3qEa6SI
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan