smokeloader | aed178c142086be0416975e80515ee2301cb8ad9e6f6f852b199fa142bba51bc | Triage

Sharing

General

Target

caspol.exe
Size

85KB
Sample

241120-vggm6atrdr
MD5

349b01d00e67f73554971a7059dc44a1
SHA1

45e5bc1a2f1fb80c4b0002f88e854efe77ac7d2a
SHA256

aed178c142086be0416975e80515ee2301cb8ad9e6f6f852b199fa142bba51bc
SHA512

98eab765f9c38b27d31516ffa7eaa945a94db27ef31a6e94ec63ccc94664d58cdd8082a3b7bb09dcd483fa8b16fc9c4b123b3256cd0c93809994ddeec782129b
SSDEEP

1536:Mv12CLp7WB+RdtK4QjXvqu51mbgIxIS4yEqlQ8A9Qvvrdo:E2ug2gIxIS0O09Qho

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  caspol.exe
- Size
  
  85KB
- MD5
  
  349b01d00e67f73554971a7059dc44a1
- SHA1
  
  45e5bc1a2f1fb80c4b0002f88e854efe77ac7d2a
- SHA256
  
  aed178c142086be0416975e80515ee2301cb8ad9e6f6f852b199fa142bba51bc
- SHA512
  
  98eab765f9c38b27d31516ffa7eaa945a94db27ef31a6e94ec63ccc94664d58cdd8082a3b7bb09dcd483fa8b16fc9c4b123b3256cd0c93809994ddeec782129b
- SSDEEP
  
  1536:Mv12CLp7WB+RdtK4QjXvqu51mbgIxIS4yEqlQ8A9Qvvrdo:E2ug2gIxIS0O09Qho
Score

10^/10

discovery smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

smokeloaderbackdoordiscoverytrojan