smokeloader | 1ebaede751e7c84725a05ad56364c873c53711485e37128cdd64b1c8af43b1c3 | Triage

Sharing

General

Target

1ebaede751e7c84725a05ad56364c873c53711485e37128cdd64b1c8af43b1c3
Size

207KB
Sample

241215-q7yl5sxrdn
MD5

bb9fec798c76678a9113c967efa9647c
SHA1

19a6e628f455afd5fb3c7591e642e76a2bfc5e78
SHA256

1ebaede751e7c84725a05ad56364c873c53711485e37128cdd64b1c8af43b1c3
SHA512

87300e22b3cd63a198d2e1f423744374a19487a1971f2833a073b395a5a72127305d85f4558778aa2d8cdbe4fe6a68ac43aa5643f9db3a4ed513dcd32eb3ab5c
SSDEEP

3072:XPdw2xBZSR+5YSLPKL/56Mnkj54N+xaqJRv4K+:TZnYSDu/56wk94N+xaqJ

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  1ebaede751e7c84725a05ad56364c873c53711485e37128cdd64b1c8af43b1c3
- Size
  
  207KB
- MD5
  
  bb9fec798c76678a9113c967efa9647c
- SHA1
  
  19a6e628f455afd5fb3c7591e642e76a2bfc5e78
- SHA256
  
  1ebaede751e7c84725a05ad56364c873c53711485e37128cdd64b1c8af43b1c3
- SHA512
  
  87300e22b3cd63a198d2e1f423744374a19487a1971f2833a073b395a5a72127305d85f4558778aa2d8cdbe4fe6a68ac43aa5643f9db3a4ed513dcd32eb3ab5c
- SSDEEP
  
  3072:XPdw2xBZSR+5YSLPKL/56Mnkj54N+xaqJRv4K+:TZnYSDu/56wk94N+xaqJ
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan