smokeloader | 9bc08b6a4cd5aa9930c986a2821bfbf18c96ad70023de721d783097503197699 | Triage

Sharing

General

Target

9bc08b6a4cd5aa9930c986a2821bfbf18c96ad70023de721d783097503197699
Size

285KB
Sample

241215-qw8b7sxmek
MD5

d55d2ec8fd5de598a396c61a5ba3f761
SHA1

e9f94a0e4e8e5202d4d08ced986f1dffab59d7c0
SHA256

9bc08b6a4cd5aa9930c986a2821bfbf18c96ad70023de721d783097503197699
SHA512

5444928067b27d1443498cbaedfa24dee37e6650867390ae2610b98b599c5b5b16a77ee8359523b5a6d0cd3f00d50cd3cff6a671fbd4ea7185883de15cd6f502
SSDEEP

3072:Lm5FidujdvT5bAv4pjbZU2fMepROutp3xz9dtDDLVSVgtF/Dw:kiQttAwU20qOud9/XL0Vgq

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  9bc08b6a4cd5aa9930c986a2821bfbf18c96ad70023de721d783097503197699
- Size
  
  285KB
- MD5
  
  d55d2ec8fd5de598a396c61a5ba3f761
- SHA1
  
  e9f94a0e4e8e5202d4d08ced986f1dffab59d7c0
- SHA256
  
  9bc08b6a4cd5aa9930c986a2821bfbf18c96ad70023de721d783097503197699
- SHA512
  
  5444928067b27d1443498cbaedfa24dee37e6650867390ae2610b98b599c5b5b16a77ee8359523b5a6d0cd3f00d50cd3cff6a671fbd4ea7185883de15cd6f502
- SSDEEP
  
  3072:Lm5FidujdvT5bAv4pjbZU2fMepROutp3xz9dtDDLVSVgtF/Dw:kiQttAwU20qOud9/XL0Vgq
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan