smokeloader | 6f7470b290031a2f14f90dadf9971df6195680228f6c4c388d03aadff3939798 | Triage

Sharing

General

Target

8c1284da361042c363c4f360efd74595fcfa4d3c
Size

226KB
Sample

241110-m6vbjswbqc
MD5

d9274277029e715a306411f7f4853e2c
SHA1

8c1284da361042c363c4f360efd74595fcfa4d3c
SHA256

6f7470b290031a2f14f90dadf9971df6195680228f6c4c388d03aadff3939798
SHA512

d7a1a2e7413e3e92af6ba10122120b350f6e9e2d983ae76c200acb5b29680c1252e6d24a3aa622cef12aa9a8e7de9bd205ed833cd554a217e20b0508eaffa19f
SSDEEP

3072:y9l1vvqAU+2mz0WtAJUeAE6FYW0E+cqTj4DTIbBkOAg0Fuje3BFmQ32Sl54jCd5z:616G2lWtsU3E6X08qTjjXAO+3T56w

Score

10^/10

smokeloader wood backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

wood

Targets

- Target
  
  8c1284da361042c363c4f360efd74595fcfa4d3c
- Size
  
  226KB
- MD5
  
  d9274277029e715a306411f7f4853e2c
- SHA1
  
  8c1284da361042c363c4f360efd74595fcfa4d3c
- SHA256
  
  6f7470b290031a2f14f90dadf9971df6195680228f6c4c388d03aadff3939798
- SHA512
  
  d7a1a2e7413e3e92af6ba10122120b350f6e9e2d983ae76c200acb5b29680c1252e6d24a3aa622cef12aa9a8e7de9bd205ed833cd554a217e20b0508eaffa19f
- SSDEEP
  
  3072:y9l1vvqAU+2mz0WtAJUeAE6FYW0E+cqTj4DTIbBkOAg0Fuje3BFmQ32Sl54jCd5z:616G2lWtsU3E6X08qTjjXAO+3T56w
Score

10^/10

smokeloader wood backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderwoodbackdoordiscoverytrojan

behavioral2

smokeloaderwoodbackdoordiscoverytrojan