smokeloader | 39e3bbf455fbdefb460830eeb5467c01b10adecd418e36eed9cef7a395d32cd3 | Triage

Sharing

General

Target

39e3bbf455fbdefb460830eeb5467c01b10adecd418e36eed9cef7a395d32cd3
Size

154KB
Sample

241109-bv3b8stkdz
MD5

90b2550f28a6d1a30bd31353391d874c
SHA1

34a42ef4f88b9df13d492283ecf669f1947f60dd
SHA256

39e3bbf455fbdefb460830eeb5467c01b10adecd418e36eed9cef7a395d32cd3
SHA512

774e03b1a7c3b47d54286cb9a570fa328c7d342fcdd21705d551b66b406b3a4044926327b810c3282231d8cc7fad8fa8f9f5fb1642f18500210a1611512d25c0
SSDEEP

3072:ttHlpeDA1mtP7HIAmqGcLNRqm5p7OQznT3qqsP96878P9WR9YGFzI7:TyKm17IAmNg5p7Om3qljg

Score

10^/10

smokeloader 0103 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0103

Targets

- Target
  
  02d1136079dc3aee91af021a5fc064106ddb2c0f61359b878fe97a8667cabb1c
- Size
  
  289KB
- MD5
  
  a3ed7dde4a9506eb99ebcffd889ff2f5
- SHA1
  
  63b6c363ad8f8826b61f1368fa55a8df868b7182
- SHA256
  
  02d1136079dc3aee91af021a5fc064106ddb2c0f61359b878fe97a8667cabb1c
- SHA512
  
  86d13fc17500342e63e5ddf0c430a6ac45d9210ff588d8885a318abf530fefcf80f7e03346dec78881c3596b29db3d80ca291abe4ea0d1d4ed5c993ae9a46fa4
- SSDEEP
  
  6144:xIWHpMSmnj/UuC8wxyN/fPyCRtJJbRCmtDeUDT:xIWKTnLUywEdttJJdCCn
Score

10^/10

smokeloader 0103 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0103backdoordiscoverytrojan

behavioral2

smokeloader0103backdoordiscoverytrojan