smokeloader | 50b32932b9f18bcc2831aa83f4f3cca77d12540d7a78853409e18450921834ad | Triage

Sharing

General

Target

putty .exe
Size

544KB
Sample

241122-qjdxts1ncv
MD5

0e64b6d4d68876c72a62d2d393fd8e15
SHA1

91451cff1cf4f6e69731c76c7b1113e455232c9c
SHA256

50b32932b9f18bcc2831aa83f4f3cca77d12540d7a78853409e18450921834ad
SHA512

1cf9e4917fae854df6fbc844574f1a2874c8033b90a189777a292adfbee21b7a3825352935e2d65da1d14ef7603ca16d69fb1b12843329fdf43257c527b77d1e
SSDEEP

12288:QiK05T+NhaEsDPEYkk3vNLXdVonSyNAx2ssT5E04j:KttcKivRdWnSyErsG0

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  putty .exe
- Size
  
  544KB
- MD5
  
  0e64b6d4d68876c72a62d2d393fd8e15
- SHA1
  
  91451cff1cf4f6e69731c76c7b1113e455232c9c
- SHA256
  
  50b32932b9f18bcc2831aa83f4f3cca77d12540d7a78853409e18450921834ad
- SHA512
  
  1cf9e4917fae854df6fbc844574f1a2874c8033b90a189777a292adfbee21b7a3825352935e2d65da1d14ef7603ca16d69fb1b12843329fdf43257c527b77d1e
- SSDEEP
  
  12288:QiK05T+NhaEsDPEYkk3vNLXdVonSyNAx2ssT5E04j:KttcKivRdWnSyErsG0
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan