smokeloader | cb5fe5f824bff23d7f954691b622b103876651b1c34a3d95be3a3b8f9cb4e309 | Triage

Sharing

General

Target

cb5fe5f824bff23d7f954691b622b103876651b1c34a3d95be3a3b8f9cb4e309
Size

300KB
Sample

241109-2ce24aspfz
MD5

65b71456b50e85da1da591f19efcabac
SHA1

801418b86d48aa8a4891b4e626e379176c8e5029
SHA256

cb5fe5f824bff23d7f954691b622b103876651b1c34a3d95be3a3b8f9cb4e309
SHA512

b185ef98e0f706a1578afc380623d278aa4790dc2d227cf82134f4d73f3f12931ee76c35e879de3a56adb635dae0046eb2b0e4957edd021022912a0a79b50284
SSDEEP

6144:7yMNFlFQULpGET3iB1ELMa59MiCwDYYy3lnBi:2MrZpGETSB1ELMwMiCwDq5B

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  cb5fe5f824bff23d7f954691b622b103876651b1c34a3d95be3a3b8f9cb4e309
- Size
  
  300KB
- MD5
  
  65b71456b50e85da1da591f19efcabac
- SHA1
  
  801418b86d48aa8a4891b4e626e379176c8e5029
- SHA256
  
  cb5fe5f824bff23d7f954691b622b103876651b1c34a3d95be3a3b8f9cb4e309
- SHA512
  
  b185ef98e0f706a1578afc380623d278aa4790dc2d227cf82134f4d73f3f12931ee76c35e879de3a56adb635dae0046eb2b0e4957edd021022912a0a79b50284
- SSDEEP
  
  6144:7yMNFlFQULpGET3iB1ELMa59MiCwDYYy3lnBi:2MrZpGETSB1ELMwMiCwDq5B
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan