smokeloader | ae39fe33549b1fbd59e82e1a0d9c30dd9699e3fd16574a7ea4c3deb56868707e | Triage

Sharing

General

Target

74f1512720df1bd270a3c350ecbc5340
Size

226KB
Sample

241108-pm7hwa1pdt
MD5

74f1512720df1bd270a3c350ecbc5340
SHA1

1f5cbdf8ab67aaf2671738ad558d425d7d43a689
SHA256

ae39fe33549b1fbd59e82e1a0d9c30dd9699e3fd16574a7ea4c3deb56868707e
SHA512

fc4c947f5e4e8312ea840c7470c66f212a2d92314c353bc55381903c0efb9e4aecd75f4b45f49028735bc99c6a6302de1fb0393e8961cac6af7cee8fa2555e60
SSDEEP

3072:9zt1HXbuI+u+D0ktAJMgA6UFHW0UGCXZR2DTIbBkOAg0Fuj3fFCYIB5pwgHc8dbM:31LIu5ktsMZ6UQ0KXZRdXAOLFewmD56P

Score

10^/10

smokeloader wood backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

wood

Targets

- Target
  
  74f1512720df1bd270a3c350ecbc5340
- Size
  
  226KB
- MD5
  
  74f1512720df1bd270a3c350ecbc5340
- SHA1
  
  1f5cbdf8ab67aaf2671738ad558d425d7d43a689
- SHA256
  
  ae39fe33549b1fbd59e82e1a0d9c30dd9699e3fd16574a7ea4c3deb56868707e
- SHA512
  
  fc4c947f5e4e8312ea840c7470c66f212a2d92314c353bc55381903c0efb9e4aecd75f4b45f49028735bc99c6a6302de1fb0393e8961cac6af7cee8fa2555e60
- SSDEEP
  
  3072:9zt1HXbuI+u+D0ktAJMgA6UFHW0UGCXZR2DTIbBkOAg0Fuj3fFCYIB5pwgHc8dbM:31LIu5ktsMZ6UQ0KXZRdXAOLFewmD56P
Score

10^/10

smokeloader wood backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderwoodbackdoordiscoverytrojan

behavioral2

smokeloaderwoodbackdoordiscoverytrojan