smokeloader | 648b9fcb0d85951f137b26f99fa67778e2209dc9b0c8fe805830544a571105e9 | Triage

Sharing

General

Target

648b9fcb0d85951f137b26f99fa67778e2209dc9b0c8fe805830544a571105e9
Size

142KB
Sample

241215-qx9awsxmhq
MD5

129d305f671e2e991f48b6beaa39ba3f
SHA1

a69432b2a84d88612c10b89c83e6fd89efc2336f
SHA256

648b9fcb0d85951f137b26f99fa67778e2209dc9b0c8fe805830544a571105e9
SHA512

69fea6677e7324a8359f8fbb7e3e7e0562b47ad0310ed7a3b0f0f0f2a8ca2f4c5d349b3f5b599bbcf0783f72a19b5fea7375ea19aa323f4601a4b6ba9842b799
SSDEEP

3072:VAbRXMzo0nBoA+ci4EnpT2mGYFgPXojhcRtaNxhy29OUF2IzwXhAof:at50neA+D7pT2hvoV2tyJ9nu/

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  4d7eab317eab4a18d7754cf026eafb3e3f1fcc76e833c41ae4a30d158c0a4465
- Size
  
  217KB
- MD5
  
  2b4a45aae59c924884e40693addcbd92
- SHA1
  
  675770ca2ed521ff9a7844a104fa8a3b8b815d35
- SHA256
  
  4d7eab317eab4a18d7754cf026eafb3e3f1fcc76e833c41ae4a30d158c0a4465
- SHA512
  
  a0d1695b9ca9ef92c31b52c06969dddb064a3ac1ca0f264c0e55ba0b0d4c610ecbe76d5670a26d14c3e37346d112ee09882df151dcc92de23144f7582dd7e036
- SSDEEP
  
  3072:FwHS4GEP2JOgQLZ/a6/ZOv+5rxoggbefduQsgOJygmoM/cbVfgAF/+1x:Fw9OJkLZ/a0ZOgBgbeLxFf/c9gAlw
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan