smokeloader | acaca1ba628869e2ca4e80f0bf2c807a76d1e6e67a29c63279e12df970b22715 | Triage

Sharing

General

Target

acaca1ba628869e2ca4e80f0bf2c807a76d1e6e67a29c63279e12df970b22715
Size

158KB
Sample

241215-q76yhswlg1
MD5

8751aaf6ef9fc9e1f4733356c8c1c712
SHA1

cc7a6692da5a54deb0b95c1b3e1709a10a7d8ab0
SHA256

acaca1ba628869e2ca4e80f0bf2c807a76d1e6e67a29c63279e12df970b22715
SHA512

d7db35adaa629f93e0bc6f2d90cdb84ddf6cf02ad6a9d500820f81c4326babd77e4a20d43c875d010c07828e379a06a39089e97108cd7e61c38598df52cdf672
SSDEEP

3072:/40KLB8wdt6bh0v13xnkTbJnUWXC7HoyjFvOajgEgX4TDKg8E:/4qw70qZxk/J5XC7HljhOaSX4vKRE

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  b0979217247a9395badd4bfce4338a3eb2e1f7fafbfe7b6916441f67dc0b89b2
- Size
  
  260KB
- MD5
  
  74fa30ee464de6d8bdf22d6a9d4d68ac
- SHA1
  
  e0f1e7582495c6bc0aa7972bde78ad2ad2188829
- SHA256
  
  b0979217247a9395badd4bfce4338a3eb2e1f7fafbfe7b6916441f67dc0b89b2
- SHA512
  
  5935553fa21a35072cd8f42ba0070c38a0d8d2119588298ebbde27dbc8b47edfd350a31100e5dd8a89a4aa2c8fd14e8f9415e19d5299b40c84accea6e773e33b
- SSDEEP
  
  3072:nZCOWBUAUhL3Xi2Yoq5ZYjdpRRO9Q0kXC7HoyOvtNvKXvKAfVuDuM/h3:zWBJsLniFwIkXC7HlOvzKyAKu
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan