smokeloader | 69c9cd372464c8040f935dd4e5c87cc6afa3d7c1f74402e6b9a0969a4b53e9a3 | Triage

Sharing

General

Target

69c9cd372464c8040f935dd4e5c87cc6afa3d7c1f74402e6b9a0969a4b53e9a3
Size

335KB
Sample

241215-q7z5zaxrej
MD5

498e71bc6a5de1f7b6b2850b40bf9355
SHA1

27f8a2904b02a797718c25d93cfcbc83622a8bf0
SHA256

69c9cd372464c8040f935dd4e5c87cc6afa3d7c1f74402e6b9a0969a4b53e9a3
SHA512

24a915ac8a6848b9d18565d7a11cb8c228c6ab2f75e3e13a068d45f627ffef898b751bafad2a1cb9c4c974400f7865438d27952cf97595d2d98f06cb97f0d2b8
SSDEEP

6144:W81Yi/Lz4l3Cf0m1gzhvkCEjpPnFwCLLObfwB:WJi/QofVypsxqC3O

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  69c9cd372464c8040f935dd4e5c87cc6afa3d7c1f74402e6b9a0969a4b53e9a3
- Size
  
  335KB
- MD5
  
  498e71bc6a5de1f7b6b2850b40bf9355
- SHA1
  
  27f8a2904b02a797718c25d93cfcbc83622a8bf0
- SHA256
  
  69c9cd372464c8040f935dd4e5c87cc6afa3d7c1f74402e6b9a0969a4b53e9a3
- SHA512
  
  24a915ac8a6848b9d18565d7a11cb8c228c6ab2f75e3e13a068d45f627ffef898b751bafad2a1cb9c4c974400f7865438d27952cf97595d2d98f06cb97f0d2b8
- SSDEEP
  
  6144:W81Yi/Lz4l3Cf0m1gzhvkCEjpPnFwCLLObfwB:WJi/QofVypsxqC3O
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan