smokeloader | 094e5f284519632fec8516d9c58966c9fdcc1e8e848b39532472ec6906cf2bfe | Triage

Sharing

General

Target

094e5f284519632fec8516d9c58966c9fdcc1e8e848b39532472ec6906cf2bfe
Size

226KB
Sample

241109-km3gpstqgr
MD5

7e1b085263a1735851f164cdfe697228
SHA1

d87cd6bf183ae379c5fb1caccd6e2627d2129a2b
SHA256

094e5f284519632fec8516d9c58966c9fdcc1e8e848b39532472ec6906cf2bfe
SHA512

0b2a6518e7b9f5938cfc1edba0e63395d95d94fd0d1eb2811f33121202f2d892606fdf5b21dbf06ab56fccf5e2c978d864be9817d87947bbe0cc4f80088270ae
SSDEEP

3072:kzd/XR5oQOWIpUGXAJIIAE6FxW0YyqVpF4DTIbBkOAg0Fujxh+iZj8lY9454jCBz:W/XyWVGXsIxE6K0uVpFjXAOv+iZje56e

Score

10^/10

smokeloader wood backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

wood

Targets

- Target
  
  094e5f284519632fec8516d9c58966c9fdcc1e8e848b39532472ec6906cf2bfe
- Size
  
  226KB
- MD5
  
  7e1b085263a1735851f164cdfe697228
- SHA1
  
  d87cd6bf183ae379c5fb1caccd6e2627d2129a2b
- SHA256
  
  094e5f284519632fec8516d9c58966c9fdcc1e8e848b39532472ec6906cf2bfe
- SHA512
  
  0b2a6518e7b9f5938cfc1edba0e63395d95d94fd0d1eb2811f33121202f2d892606fdf5b21dbf06ab56fccf5e2c978d864be9817d87947bbe0cc4f80088270ae
- SSDEEP
  
  3072:kzd/XR5oQOWIpUGXAJIIAE6FxW0YyqVpF4DTIbBkOAg0Fujxh+iZj8lY9454jCBz:W/XyWVGXsIxE6K0uVpFjXAOv+iZje56e
Score

10^/10

smokeloader wood backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderwoodbackdoordiscoverytrojan

behavioral2

smokeloaderwoodbackdoordiscoverytrojan