smokeloader | d0423cfb4f1994a56fe24b1c6390ad7cdda593fae4e724c3c75878edaf3a3a4a | Triage

Sharing

General

Target

d0423cfb4f1994a56fe24b1c6390ad7cdda593fae4e724c3c75878edaf3a3a4a
Size

130KB
Sample

241215-q8rj8awmbs
MD5

60ea53658713dc75a0c2571852684d99
SHA1

6e6b555f118540cdbe80701a6b38ffca40635ed9
SHA256

d0423cfb4f1994a56fe24b1c6390ad7cdda593fae4e724c3c75878edaf3a3a4a
SHA512

f67acfc770fb01d3f39ad6c0edd569eacb1f5a1f05eddc25e0e1f1d7067e4324fcb5f1e943fe3fa5c5f7239f96812fde0dd45e61297518c2d5566f43a1f3ef0e
SSDEEP

3072:p9SaATyjG7YwVbzdbsRAXMjH4v7/T6JPrJqIygPPuC4KLeFL:p97ATUG1bhz8jYj/TcTEAp4KLUL

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  67c256bdbf3b71851b74027cc33d42c18c9ee2e8acadf545732c31736f9efd3a
- Size
  
  208KB
- MD5
  
  04f3bcaae48e45ec40fb5e3b593f792d
- SHA1
  
  56ef614422d15cb694775b0b1a56c4aad8cae49e
- SHA256
  
  67c256bdbf3b71851b74027cc33d42c18c9ee2e8acadf545732c31736f9efd3a
- SHA512
  
  ad9302970783bbdea4f378001e1a485d5abd8e7b76fc409113f03d965d02373b4065f73215e5e04ac53206827685661f6ceff7687268f5445006a38cffb20a58
- SSDEEP
  
  3072:NvixpFOTR+LLS4AW9SieO1ZGMsuSjLKh1AIottRv4K+:ZJW9N2sSjLK0Iott
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan