smokeloader | ba14eaa8d2643fbca9b967b345218bd8cc8ad690e0ded1d5987e56b6f02b6167 | Triage

Sharing

General

Target

ba14eaa8d2643fbca9b967b345218bd8cc8ad690e0ded1d5987e56b6f02b6167
Size

267KB
Sample

241215-qvr9laxlgm
MD5

7f101b8687e6507b0ff0ff0af6554405
SHA1

8632a76c28daa3b52e2d20066f4f66e21533b30a
SHA256

ba14eaa8d2643fbca9b967b345218bd8cc8ad690e0ded1d5987e56b6f02b6167
SHA512

953ddbd969b4c3be92728e0cbdab08784b4d9885cc63a4ffca188b94586cff40a8c1f04ce068822be524088b9af81d2634702657e10853eaea636358ec55e40f
SSDEEP

6144:taHuwLe3IPxSCAI1IDqIx6fth74uZa6eq:taHPa3ox/AYIDqRth7O4

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  ba14eaa8d2643fbca9b967b345218bd8cc8ad690e0ded1d5987e56b6f02b6167
- Size
  
  267KB
- MD5
  
  7f101b8687e6507b0ff0ff0af6554405
- SHA1
  
  8632a76c28daa3b52e2d20066f4f66e21533b30a
- SHA256
  
  ba14eaa8d2643fbca9b967b345218bd8cc8ad690e0ded1d5987e56b6f02b6167
- SHA512
  
  953ddbd969b4c3be92728e0cbdab08784b4d9885cc63a4ffca188b94586cff40a8c1f04ce068822be524088b9af81d2634702657e10853eaea636358ec55e40f
- SSDEEP
  
  6144:taHuwLe3IPxSCAI1IDqIx6fth74uZa6eq:taHPa3ox/AYIDqRth7O4
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan