smokeloader | d6398179327d04be805a690981089ec7e3074ce85ecd598ad738a0cfd7e09772 | Triage

Sharing

General

Target

d6398179327d04be805a690981089ec7e3074ce85ecd598ad738a0cfd7e09772
Size

130KB
Sample

241215-qw33gsxmdp
MD5

005d7c22eb4aa3635ea04cfa25c66cf4
SHA1

ba26e235ddf57ef9c70c11d59de95ae80a5cf7a4
SHA256

d6398179327d04be805a690981089ec7e3074ce85ecd598ad738a0cfd7e09772
SHA512

01db21c12c5f6bed2efcdb8e1aa844362595db8ba40d191f05049684281ebe226cbd638dabfaba7d35336be8808751e98ee86efd4469f9ae4e5482bef1a13eb5
SSDEEP

3072:zEyEZiqnaFhHpW9jGp8Xscy8Tl4eeImEWn2J9ppFpZnweccm:IyO2HsqcNuFrn2JVFpBc3

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  99422254a429f65860b0e0a0df37460f667246617556f963fd9eeae1576c481d
- Size
  
  207KB
- MD5
  
  92ea8d2a8b0bf0e4d01ebf268c31235b
- SHA1
  
  54c15f48800b03fc5c75b399971cb48b83909012
- SHA256
  
  99422254a429f65860b0e0a0df37460f667246617556f963fd9eeae1576c481d
- SHA512
  
  5c3be424e7a05702d640817b025789ad7bb047b052230450862804a1c05cd6692876662811f35bfc581cba718599a65dddb03b7d04c72ea6dac6671c8b69aa48
- SSDEEP
  
  3072:JLMCLs9SfleRFhVDMoDUYbLmip31VhA2NpZsMb8G1tRv4b:eEQV4ebXplVm2L2lGn
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan