smokeloader | 25ab6702581d90af1241e795e90ef3f4a4d9a2da1d3bb3cd9772d3a9461a1660 | Triage

Sharing

General

Target

25ab6702581d90af1241e795e90ef3f4a4d9a2da1d3bb3cd9772d3a9461a1660N.exe
Size

320KB
Sample

241207-grjcvazjby
MD5

6da7977eb2e055ffc28b28ccb548bb70
SHA1

97396b3a6c92e64b1db9dac965c0847d6c5a4571
SHA256

25ab6702581d90af1241e795e90ef3f4a4d9a2da1d3bb3cd9772d3a9461a1660
SHA512

19cf2518823073542737108418f3b19ddade91278fb40d0f0ba98714af277747a2e31ae82a52e6a78385dd9fc2449e3f87ff3ca77b596527d50b4c7f7f815c1d
SSDEEP

6144:ds3OUy4iLaSh+dTaJ7GWgTi0qr0fC9IlJGWcSF:dAyrmSh+dky7P/fllJASF

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  25ab6702581d90af1241e795e90ef3f4a4d9a2da1d3bb3cd9772d3a9461a1660N.exe
- Size
  
  320KB
- MD5
  
  6da7977eb2e055ffc28b28ccb548bb70
- SHA1
  
  97396b3a6c92e64b1db9dac965c0847d6c5a4571
- SHA256
  
  25ab6702581d90af1241e795e90ef3f4a4d9a2da1d3bb3cd9772d3a9461a1660
- SHA512
  
  19cf2518823073542737108418f3b19ddade91278fb40d0f0ba98714af277747a2e31ae82a52e6a78385dd9fc2449e3f87ff3ca77b596527d50b4c7f7f815c1d
- SSDEEP
  
  6144:ds3OUy4iLaSh+dTaJ7GWgTi0qr0fC9IlJGWcSF:dAyrmSh+dky7P/fllJASF
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan