smokeloader | 1160f56919b5343e19cffdaaa323ba08c47250375f98773e9469398666465dae | Triage

Sharing

General

Target

1160f56919b5343e19cffdaaa323ba08c47250375f98773e9469398666465dae
Size

115KB
Sample

241109-yzwrkstphp
MD5

9d9065293224664b40ef02edd782c071
SHA1

54a6976f4b5edabf860ed5a8402f55bb5885736b
SHA256

1160f56919b5343e19cffdaaa323ba08c47250375f98773e9469398666465dae
SHA512

32304b46f7fd2939033644cbcd736c999f0b4fe2d4b384e46b01511fa02de9a05964beecc32618db1e156eef25a206a36702666fb3bd8f29d870dd9f450d8f96
SSDEEP

3072:shSNGo+i/mtSvyYwoPNZNCiwzUDwjbr2MANwuswR1GoX+E7:shSJ+iet0vZIiwzUD86Qe3X+A

Score

10^/10

smokeloader pub4 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Targets

- Target
  
  d0c09c00990cc693789f83e8dfb4d3e7db62a583d246cea22b2c6bb3a2c3e6f0.exe
- Size
  
  184KB
- MD5
  
  1d1f1db339f3a24f0d36c55f73170823
- SHA1
  
  fc05a397204075db47095fd79c551c1a0c49e1c6
- SHA256
  
  d0c09c00990cc693789f83e8dfb4d3e7db62a583d246cea22b2c6bb3a2c3e6f0
- SHA512
  
  4fc782dd3c53b8de5496afd320efa0d8f9f3bd96595eadb7b198319176a5109242a91da8179ac0f3ae0432d499262994d5d8db1bd792a4e8a453c6feeedaec51
- SSDEEP
  
  3072:LoqvXo/yHi3fSwlOU7Oo1oog2KzDn9DAzz67FWXkf6yYEZV:dvXlCeo1i2KdDAzz6IXo7
Score

10^/10

smokeloader pub4 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub4backdoortrojan

behavioral2

smokeloaderpub4backdoordiscoverytrojan