smokeloader | cf3bf2512ab108eef1fc0ad3a4aa803d06e5c1181264caa87b8d62ac1b0c5a5d | Triage

Sharing

General

Target

71e520501e7651132b3391f7f751a86e5a5ce786
Size

150KB
Sample

241108-wrnd5awhrd
MD5

0307e18b7c25073d606696ee43e82d9f
SHA1

71e520501e7651132b3391f7f751a86e5a5ce786
SHA256

cf3bf2512ab108eef1fc0ad3a4aa803d06e5c1181264caa87b8d62ac1b0c5a5d
SHA512

ef69cad94371abf33b14dfedc41760da2b4e484666484d70a7e63b681abb2652048c8ec46b4bbc2eac7b52ceafd47b2ece0f93f28112dc7944738614794133f0
SSDEEP

3072:Ng7YA17SJEulmZhGUD7TiUbMjkCJG6PYzIFBN5PyiwwErLuGIhjAyp:NVOkEYmmO7TZMACz59w6G8jAu

Score

10^/10

smokeloader slov backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

slov

Targets

- Target
  
  71e520501e7651132b3391f7f751a86e5a5ce786
- Size
  
  150KB
- MD5
  
  0307e18b7c25073d606696ee43e82d9f
- SHA1
  
  71e520501e7651132b3391f7f751a86e5a5ce786
- SHA256
  
  cf3bf2512ab108eef1fc0ad3a4aa803d06e5c1181264caa87b8d62ac1b0c5a5d
- SHA512
  
  ef69cad94371abf33b14dfedc41760da2b4e484666484d70a7e63b681abb2652048c8ec46b4bbc2eac7b52ceafd47b2ece0f93f28112dc7944738614794133f0
- SSDEEP
  
  3072:Ng7YA17SJEulmZhGUD7TiUbMjkCJG6PYzIFBN5PyiwwErLuGIhjAyp:NVOkEYmmO7TZMACz59w6G8jAu
Score

10^/10

smokeloader slov backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderslovbackdoordiscoverytrojan

behavioral2

smokeloaderslovbackdoordiscoverytrojan