smokeloader | 0bcbe52b66b4fd45e699feb4c396fccc8dd92a6903cface41f90e68086fa0641 | Triage

Sharing

General

Target

0bcbe52b66b4fd45e699feb4c396fccc8dd92a6903cface41f90e68086fa0641
Size

9.9MB
Sample

241207-yey17szne1
MD5

f766ef0cd896381118a051d69034c89e
SHA1

392044164423497a8aea798be18cea00a5a364ee
SHA256

0bcbe52b66b4fd45e699feb4c396fccc8dd92a6903cface41f90e68086fa0641
SHA512

a230a99f5a6b0579c4190e0366d108e23eb492b373acb40ba792352812cebe740a8c4e4bf23bc42377f0a1c9cbf47159a296d5728e4db229cf4baa2688ecdf73
SSDEEP

12288:sxmGsdY0LoOaHbjo0xKeicjACAAjF6L05HATfy8:sxEpLEycplOWHATf7

Score

10^/10

smokeloader papa backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

papa

Targets

- Target
  
  0bcbe52b66b4fd45e699feb4c396fccc8dd92a6903cface41f90e68086fa0641
- Size
  
  9.9MB
- MD5
  
  f766ef0cd896381118a051d69034c89e
- SHA1
  
  392044164423497a8aea798be18cea00a5a364ee
- SHA256
  
  0bcbe52b66b4fd45e699feb4c396fccc8dd92a6903cface41f90e68086fa0641
- SHA512
  
  a230a99f5a6b0579c4190e0366d108e23eb492b373acb40ba792352812cebe740a8c4e4bf23bc42377f0a1c9cbf47159a296d5728e4db229cf4baa2688ecdf73
- SSDEEP
  
  12288:sxmGsdY0LoOaHbjo0xKeicjACAAjF6L05HATfy8:sxEpLEycplOWHATf7
Score

10^/10

smokeloader papa backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpapabackdoordiscoverytrojan

behavioral2

smokeloaderpapabackdoordiscoverytrojan