smokeloader | 645ee0535f2ada91b101c0029f2fb71de2a27c10a5446e84d3547968ea36eafe | Triage

Submit
Reports

Overview

overview

Static

static

1

GuidanceCo...rs.exe

windows7-x64

7

GuidanceCo...rs.exe

windows10-2004-x64

Sharing

General

Target

GuidanceConnectors.exe
Size

741KB
Sample

241121-tqdgesxqhq
MD5

211dd0cc3da148c5bc61389693fd284f
SHA1

75e6bd440e37240fee4bf7ae01109093490ac5a7
SHA256

645ee0535f2ada91b101c0029f2fb71de2a27c10a5446e84d3547968ea36eafe
SHA512

628bb927b5a85674ed1f762d4c42e8e9f55859cd626ab0f01b7d47ee4c74ff5775ceafc4a45864344d5dd13e588fe60b6a121b00dac79276689d0a9970d12e89
SSDEEP

12288:0CUIDSqmWYzAoweej5i03v54L/sYZf2J8weqNjpnB5CLMjHgGXyPGSifD:0amqmWYde1/4LiJleEd/IMjHxplr

Score

10^/10

smokeloader backdoor discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

GuidanceConnectors.exe

Resource

win7-20240903-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

GuidanceConnectors.exe

Resource

win10v2004-20241007-en

smokeloader backdoor discovery trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  GuidanceConnectors.exe
- Size
  
  741KB
- MD5
  
  211dd0cc3da148c5bc61389693fd284f
- SHA1
  
  75e6bd440e37240fee4bf7ae01109093490ac5a7
- SHA256
  
  645ee0535f2ada91b101c0029f2fb71de2a27c10a5446e84d3547968ea36eafe
- SHA512
  
  628bb927b5a85674ed1f762d4c42e8e9f55859cd626ab0f01b7d47ee4c74ff5775ceafc4a45864344d5dd13e588fe60b6a121b00dac79276689d0a9970d12e89
- SSDEEP
  
  12288:0CUIDSqmWYzAoweej5i03v54L/sYZf2J8weqNjpnB5CLMjHgGXyPGSifD:0amqmWYde1/4LiJleEd/IMjHxplr
Score

10^/10

discovery smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

smokeloaderbackdoordiscoverytrojan

© 2018-2024

Terms | Privacy