smokeloader | 0e99514b04d43621f96bbc0adb9fe2019a4f7050030711b62133af94f34c6eec | Triage

Sharing

General

Target

0e99514b04d43621f96bbc0adb9fe2019a4f7050030711b62133af94f34c6eec
Size

215KB
Sample

241109-ex7lhszpdm
MD5

fa998ea6c6e62e12d93fb2faff56c5a9
SHA1

7f2e497f788a02fcd07afaad76b527bb8193cc6e
SHA256

0e99514b04d43621f96bbc0adb9fe2019a4f7050030711b62133af94f34c6eec
SHA512

eeb2b0f423683195aac30efac5a47467d2ca448580619725af57e795130fe8f9c8c632bda3f7319a04fd1e9d913951993aec6df77853bfdfc069420c0fd9cf5f
SSDEEP

3072:rX8aaDGYCSzd8Ouzbmr9PsmOQ6kwNoEaTEs00Ns15r+VLSQEOJHvld3eCfXUTB:rX8ahnmrxsmf6PNnOS+z5JHH3eCP

Score

10^/10

smokeloader 555 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

555

Targets

- Target
  
  0e99514b04d43621f96bbc0adb9fe2019a4f7050030711b62133af94f34c6eec
- Size
  
  215KB
- MD5
  
  fa998ea6c6e62e12d93fb2faff56c5a9
- SHA1
  
  7f2e497f788a02fcd07afaad76b527bb8193cc6e
- SHA256
  
  0e99514b04d43621f96bbc0adb9fe2019a4f7050030711b62133af94f34c6eec
- SHA512
  
  eeb2b0f423683195aac30efac5a47467d2ca448580619725af57e795130fe8f9c8c632bda3f7319a04fd1e9d913951993aec6df77853bfdfc069420c0fd9cf5f
- SSDEEP
  
  3072:rX8aaDGYCSzd8Ouzbmr9PsmOQ6kwNoEaTEs00Ns15r+VLSQEOJHvld3eCfXUTB:rX8ahnmrxsmf6PNnOS+z5JHH3eCP
Score

10^/10

smokeloader 555 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader555backdoordiscoverytrojan

behavioral2

smokeloader555backdoordiscoverytrojan