smokeloader | 486672debd207bb8f52079f6f3233be6ecfed6b22d0873561b239e5842df563b | Triage

Sharing

General

Target

486672debd207bb8f52079f6f3233be6ecfed6b22d0873561b239e5842df563b
Size

103KB
Sample

241215-qwysrsvrax
MD5

a64ae326ea6c827bdf3b5647ed19f0e0
SHA1

3ce55570303d0f2b1f8fd8099b413d77ed3449b5
SHA256

486672debd207bb8f52079f6f3233be6ecfed6b22d0873561b239e5842df563b
SHA512

57275dfbfff41189a58d40684076627f040468f1a82ab5d6424648c17c6972b0c5213d77fa12c9d0592dfba06f0e3602bc9ad7a01c9ab8be9204cfdcb96b87d8
SSDEEP

3072:SsfIFcJr+yKEtKihjc1FiNMtoTZheEjg4qTig3g:Ss6cZDtK+jUFiNMwTeEnqH3g

Score

10^/10

smokeloader pub4 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Targets

- Target
  
  8a62c613b86730ad92e71241fb63621283766d8a1ed9e531cacd0c69adaa8f5d.exe
- Size
  
  153KB
- MD5
  
  cea4f55518e8c700a417bada82e5c119
- SHA1
  
  bc0663e6dbd3e990564e958938dbe1a2b214e912
- SHA256
  
  8a62c613b86730ad92e71241fb63621283766d8a1ed9e531cacd0c69adaa8f5d
- SHA512
  
  bdfbf3fdb7b04cd3229eb5875f62be97009f197969e6196595a62a92bc5d7e7e23be2e26e291d706927bec525c7e2c8b8c8aabb0f9800595afc159baf60ada70
- SSDEEP
  
  3072:56Y9LhhkLbq5M1LT/FUg16q8ciEAqNU5sV2YMgI6u:7Lhhcv1f/6g4kAqBV2YM
Score

10^/10

smokeloader pub4 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub4backdoortrojan

behavioral2

smokeloaderpub4backdoordiscoverytrojan