smokeloader | 585aa60f224f5f7b3696efafbb7b6f4cc9d3b029964f80fb83c02f55d1a52b27 | Triage

Sharing

General

Target

585aa60f224f5f7b3696efafbb7b6f4cc9d3b029964f80fb83c02f55d1a52b27
Size

164KB
Sample

241110-hqyxks1ndz
MD5

47501bca2d855a6792f7cd363796356c
SHA1

43f3eb90cb3edceba86c682958af8c825a587cfd
SHA256

585aa60f224f5f7b3696efafbb7b6f4cc9d3b029964f80fb83c02f55d1a52b27
SHA512

64ba1d47162cc92b96b1ad581b3288b5869e2baf14d72496ee633fa28caae3c438ceebc96fe633e00253acb2d987c2ad54360e4976ff160e78af6826c5d466af
SSDEEP

3072:VGYFMLQuyudxqdxd/o0E2SmWpy1PMO18mb5uAjPmrSzS:VrFMLQgdxAxdw0E5DouO13IT2z

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  585aa60f224f5f7b3696efafbb7b6f4cc9d3b029964f80fb83c02f55d1a52b27
- Size
  
  164KB
- MD5
  
  47501bca2d855a6792f7cd363796356c
- SHA1
  
  43f3eb90cb3edceba86c682958af8c825a587cfd
- SHA256
  
  585aa60f224f5f7b3696efafbb7b6f4cc9d3b029964f80fb83c02f55d1a52b27
- SHA512
  
  64ba1d47162cc92b96b1ad581b3288b5869e2baf14d72496ee633fa28caae3c438ceebc96fe633e00253acb2d987c2ad54360e4976ff160e78af6826c5d466af
- SSDEEP
  
  3072:VGYFMLQuyudxqdxd/o0E2SmWpy1PMO18mb5uAjPmrSzS:VrFMLQgdxAxdw0E5DouO13IT2z
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan