smokeloader | 8734fc4166831e5f4dc8d8978354d0ce749d259db7abd17171ffd0faedeb2908 | Triage

Sharing

General

Target

8734fc4166831e5f4dc8d8978354d0ce749d259db7abd17171ffd0faedeb2908
Size

260KB
Sample

241215-qwae6sxmap
MD5

e393f4e926b8a1fee319554600faa50d
SHA1

5e3a8d20e9f6be767e566fa822a0f2d3d44dcdac
SHA256

8734fc4166831e5f4dc8d8978354d0ce749d259db7abd17171ffd0faedeb2908
SHA512

46c898a4f81810bb6e139b6d031bb36a981302a2fece22301658a03d23f1fafeace47bd29a041cc209c6e6ea4b23d6ff5067d5c8679af2f820f833cf53775aa9
SSDEEP

3072:Mr2H8uBqJyCLmBDERz55vvZLpwfKKm2Fm5/XturdYcPnOkWShvKKOV0u9jMqH+ez:KuBO1LqDOtpw9Pm5lurPPnO0YhpMUPa

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  8734fc4166831e5f4dc8d8978354d0ce749d259db7abd17171ffd0faedeb2908
- Size
  
  260KB
- MD5
  
  e393f4e926b8a1fee319554600faa50d
- SHA1
  
  5e3a8d20e9f6be767e566fa822a0f2d3d44dcdac
- SHA256
  
  8734fc4166831e5f4dc8d8978354d0ce749d259db7abd17171ffd0faedeb2908
- SHA512
  
  46c898a4f81810bb6e139b6d031bb36a981302a2fece22301658a03d23f1fafeace47bd29a041cc209c6e6ea4b23d6ff5067d5c8679af2f820f833cf53775aa9
- SSDEEP
  
  3072:Mr2H8uBqJyCLmBDERz55vvZLpwfKKm2Fm5/XturdYcPnOkWShvKKOV0u9jMqH+ez:KuBO1LqDOtpw9Pm5lurPPnO0YhpMUPa
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan