smokeloader | 5da1b3ace20601ed2988fdad3409c9520a372aa8d1b83d5d460e4c2de637235b | Triage

Sharing

General

Target

5da1b3ace20601ed2988fdad3409c9520a372aa8d1b83d5d460e4c2de637235b
Size

147KB
Sample

241111-ehyp3asdjq
MD5

5463f9339b3f5bab44e5cdfb29cb9448
SHA1

5c027e15fc83acd800598676dfea97ee20a7d2ed
SHA256

5da1b3ace20601ed2988fdad3409c9520a372aa8d1b83d5d460e4c2de637235b
SHA512

034b72e2f625af4a878867185b53847adb1fce49a9f95cbd1316600429b03970239edd201b681d2806354d151898bb3006370e8b4443dcafcb6ec3b50bed4af0
SSDEEP

3072:m96X8xk4ft1YbALvRhxolauq2qLo8cPSsbYNGxrMclo:m96X8xdt1vLvPGYuq2qMX6veI

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  3dbed425bb064bebb7e49003d553f9624548b1001643ab7afa39b16e95b460f3
- Size
  
  325KB
- MD5
  
  691d85a758a7a4eb46fa73d2ca4a4123
- SHA1
  
  f36b73fa22a5b9552aff7300fe320df05cfa607a
- SHA256
  
  3dbed425bb064bebb7e49003d553f9624548b1001643ab7afa39b16e95b460f3
- SHA512
  
  2daee688d1ed4f3dbab5fa71daf4993a0dfa90415d1754188385f9d895430bd99c46d908c6fab38a0f980a64aefe59baca8ca40eaf5cccfaaec4456605b1b6cf
- SSDEEP
  
  6144:MX6hUnx4v/eeRCcpUIpoCQZ0Hyzbw8B6F6yX:U6SY/eeocpUIpk0H4w8BVe
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan