smokeloader | 9214020c0457eb0ef549e00760bdd4a4319e2806c0d555b1575ab9252c5a5214 | Triage

Sharing

General

Target

9214020c0457eb0ef549e00760bdd4a4319e2806c0d555b1575ab9252c5a5214
Size

111KB
Sample

241215-q8h8vawlh1
MD5

c3299314a1f4c91ed12ce4fe3643ca2b
SHA1

d5f0386ee1962bb264851c855d9aaad5a4bcadc9
SHA256

9214020c0457eb0ef549e00760bdd4a4319e2806c0d555b1575ab9252c5a5214
SHA512

36e4e372c92e4d0fb2715e6f528d375ffccd71b9f14e1034d8a3f0e27ada954d06e72c6f4d47d38da67dac999b7b6fd8993a1c5b902aaa1e6a443e5b6173421e
SSDEEP

1536:6fYUidr4VoL2BRPjAtzLZUoIxjtgwsUGcjQ0dvm9VNzajl6TaWMF/W1JghCp6I7w:6fYF14DzstzNV+UUl0VNzag+nhzgVW

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  14b219cdfa43b56f83e9de536ce40e57a6041c6c3494ffca4cfe1fc72e950848
- Size
  
  162KB
- MD5
  
  359d972cb5676cf3caa5cc973a1fbb9c
- SHA1
  
  63b4407370fd0cd08684b7de5b5a0f32bf8344c0
- SHA256
  
  14b219cdfa43b56f83e9de536ce40e57a6041c6c3494ffca4cfe1fc72e950848
- SHA512
  
  36c9d39e676e99cf3c4c95c71a373b9dbc5a242324cfec443a9f19a297beefb2ace70780f413cca029d6da3444ffa656123d1fcc45f88a9fcba5aa4db2886b97
- SSDEEP
  
  3072:mbOG28dOOF4okKpd5qHVQYm0PNxNOyBLRNWq:m285Fdk3H60Fi2l
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan