smokeloader | d8807d028830ab2695f88c55d25809a4d7feb29fd5dc13c73c77c26902355e25 | Triage

Sharing

General

Target

d8807d028830ab2695f88c55d25809a4d7feb29fd5dc13c73c77c26902355e25
Size

334KB
Sample

241215-q8fgyswlhw
MD5

01268c5b74b16045d3d3f534780f2f6b
SHA1

4c408045045ee7a24d001acee79ab07473430cc9
SHA256

d8807d028830ab2695f88c55d25809a4d7feb29fd5dc13c73c77c26902355e25
SHA512

a3b23ecf5e3fc8155a6904dc7e2a37305f2232160e0319d91d6904d29193f4afcc3fe28935e6016cfe1069e93ca54d13967ebb351540407bca6a466a5eeaf18d
SSDEEP

6144:KhQNPUKzNQZY4ApIyn7br7jX/Ji7q3vjpPnFwCLLObfwB:PPUqRN2OrJ7bxqC3O

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  d8807d028830ab2695f88c55d25809a4d7feb29fd5dc13c73c77c26902355e25
- Size
  
  334KB
- MD5
  
  01268c5b74b16045d3d3f534780f2f6b
- SHA1
  
  4c408045045ee7a24d001acee79ab07473430cc9
- SHA256
  
  d8807d028830ab2695f88c55d25809a4d7feb29fd5dc13c73c77c26902355e25
- SHA512
  
  a3b23ecf5e3fc8155a6904dc7e2a37305f2232160e0319d91d6904d29193f4afcc3fe28935e6016cfe1069e93ca54d13967ebb351540407bca6a466a5eeaf18d
- SSDEEP
  
  6144:KhQNPUKzNQZY4ApIyn7br7jX/Ji7q3vjpPnFwCLLObfwB:PPUqRN2OrJ7bxqC3O
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan