smokeloader | 451770b6d35fa58c25fdf564c53ac9bb9d0adf065d50b135186fa288b81b982f | Triage

Sharing

General

Target

451770b6d35fa58c25fdf564c53ac9bb9d0adf065d50b135186fa288b81b982f
Size

200KB
Sample

241111-jfg2ravma1
MD5

032f0fde167639a697d1f395ed1b6d21
SHA1

4b7af87272bdda7f4d9872b7e96ee7479b60dd66
SHA256

451770b6d35fa58c25fdf564c53ac9bb9d0adf065d50b135186fa288b81b982f
SHA512

d4c667e0035442d40e2bbcbf6d856de1d81b69bd530a4af6522027d9d8f321dd30b2187daaa5f82192204650377b7b95411fbe44ff1ed8fd09f078fcc0c30d2e
SSDEEP

3072:gjnBjHtGII92pmoEthhpmuxwGl55+b0m9TT075sohIxAwjtqAG8:oW0gPhpmuUwATT07a4Bwjtw

Score

10^/10

smokeloader 555 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

555

Targets

- Target
  
  451770b6d35fa58c25fdf564c53ac9bb9d0adf065d50b135186fa288b81b982f
- Size
  
  200KB
- MD5
  
  032f0fde167639a697d1f395ed1b6d21
- SHA1
  
  4b7af87272bdda7f4d9872b7e96ee7479b60dd66
- SHA256
  
  451770b6d35fa58c25fdf564c53ac9bb9d0adf065d50b135186fa288b81b982f
- SHA512
  
  d4c667e0035442d40e2bbcbf6d856de1d81b69bd530a4af6522027d9d8f321dd30b2187daaa5f82192204650377b7b95411fbe44ff1ed8fd09f078fcc0c30d2e
- SSDEEP
  
  3072:gjnBjHtGII92pmoEthhpmuxwGl55+b0m9TT075sohIxAwjtqAG8:oW0gPhpmuUwATT07a4Bwjtw
Score

10^/10

smokeloader 555 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader555backdoordiscoverytrojan

behavioral2

smokeloader555backdoordiscoverytrojan