smokeloader | 6c6953ac5921ccfae5f328695e95f94d19ddc1e3b229964d84b02d0798048a50 | Triage

Sharing

General

Target

6c6953ac5921ccfae5f328695e95f94d19ddc1e3b229964d84b02d0798048a50.exe
Size

231KB
Sample

241209-q6dkksvkar
MD5

6de5a8d67aa05e6fba7e6ee7ef69c550
SHA1

5220dbacdbc2a21178652d356f94eb1f17b4edfc
SHA256

6c6953ac5921ccfae5f328695e95f94d19ddc1e3b229964d84b02d0798048a50
SHA512

a31b41c666f163b78e05794f8c2fb74be363f060f56ce116b1316b934e257be23b080169d76ee79f1f1abcb52da9762dbde134ae29e28c87d09bbd5fbf7b16fe
SSDEEP

3072:gM56ORFLlxTHRasQ6KJcAjXc2ZzW0VTpzvgW+tZORAeFF0RPkTlVPp:b5NRFLLRZQXWAjXc21VdYpOvIkrh

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  6c6953ac5921ccfae5f328695e95f94d19ddc1e3b229964d84b02d0798048a50.exe
- Size
  
  231KB
- MD5
  
  6de5a8d67aa05e6fba7e6ee7ef69c550
- SHA1
  
  5220dbacdbc2a21178652d356f94eb1f17b4edfc
- SHA256
  
  6c6953ac5921ccfae5f328695e95f94d19ddc1e3b229964d84b02d0798048a50
- SHA512
  
  a31b41c666f163b78e05794f8c2fb74be363f060f56ce116b1316b934e257be23b080169d76ee79f1f1abcb52da9762dbde134ae29e28c87d09bbd5fbf7b16fe
- SSDEEP
  
  3072:gM56ORFLlxTHRasQ6KJcAjXc2ZzW0VTpzvgW+tZORAeFF0RPkTlVPp:b5NRFLLRZQXWAjXc21VdYpOvIkrh
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan