smokeloader | 55d3e05d7c8ee399ca913f4bfecb92b2a79da514c8b0ea786d659bd798a86d5b | Triage

Sharing

General

Target

55d3e05d7c8ee399ca913f4bfecb92b2a79da514c8b0ea786d659bd798a86d5b
Size

162KB
Sample

241215-qx6vrsvrdz
MD5

1fa4486eeebc4493c59a395766eb236f
SHA1

1b48bdd0c4b35d7b1ce7c28790136cb6abaf6ef3
SHA256

55d3e05d7c8ee399ca913f4bfecb92b2a79da514c8b0ea786d659bd798a86d5b
SHA512

0053319c699951257ac7aa9351dbf7755963a39f261f8a9cc948d3f5ff929f44c1261226dc20913ff247f63482a1872323526571dc30e72ca9c2782a93c149b8
SSDEEP

3072:dddIQbmQ1ZEGM9v8H5J0ZA9xwJ1d1Wjh7JvwwxGU+JDtmHu6nep:dDbmqe9v0+Xz2FSwxN+BoOj

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  55d3e05d7c8ee399ca913f4bfecb92b2a79da514c8b0ea786d659bd798a86d5b
- Size
  
  162KB
- MD5
  
  1fa4486eeebc4493c59a395766eb236f
- SHA1
  
  1b48bdd0c4b35d7b1ce7c28790136cb6abaf6ef3
- SHA256
  
  55d3e05d7c8ee399ca913f4bfecb92b2a79da514c8b0ea786d659bd798a86d5b
- SHA512
  
  0053319c699951257ac7aa9351dbf7755963a39f261f8a9cc948d3f5ff929f44c1261226dc20913ff247f63482a1872323526571dc30e72ca9c2782a93c149b8
- SSDEEP
  
  3072:dddIQbmQ1ZEGM9v8H5J0ZA9xwJ1d1Wjh7JvwwxGU+JDtmHu6nep:dDbmqe9v0+Xz2FSwxN+BoOj
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan