smokeloader | 8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e | Triage

Sharing

General

Target

8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e
Size

180KB
Sample

241109-18fg3asnhv
MD5

c23678c96e31607b4bdd59c215cfd803
SHA1

209bc1ad5cd890bb18f0ba1f9b3f4213e75fbffe
SHA256

8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e
SHA512

0c66640adbe3275c73a584b0867bf7b3ebbc9dcf52a8a9a5a6ea62c58913186ebb45d05f08f7a52f0ee86a5504752cb454c8a46faa119d3250b29d378cb3560b
SSDEEP

3072:6MXKDfAxQy/khwyXHHWagWAuODRuBNgc6jp9mdOvWrxpzbgqru:lXKkxQPhjHHMWA9DsYjp9mdOvuzbgwu

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e
- Size
  
  180KB
- MD5
  
  c23678c96e31607b4bdd59c215cfd803
- SHA1
  
  209bc1ad5cd890bb18f0ba1f9b3f4213e75fbffe
- SHA256
  
  8ec9f0807433b5a88c5640d10f20877763ef87045f1956e381df4ae48c9b174e
- SHA512
  
  0c66640adbe3275c73a584b0867bf7b3ebbc9dcf52a8a9a5a6ea62c58913186ebb45d05f08f7a52f0ee86a5504752cb454c8a46faa119d3250b29d378cb3560b
- SSDEEP
  
  3072:6MXKDfAxQy/khwyXHHWagWAuODRuBNgc6jp9mdOvWrxpzbgqru:lXKkxQPhjHHMWA9DsYjp9mdOvuzbgwu
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan