smokeloader | 4a32b95f5d2b586bb6b619d8c84a881fe239f199b7decb0a642eea30e3f38303 | Triage

Sharing

General

Target

4a32b95f5d2b586bb6b619d8c84a881fe239f199b7decb0a642eea30e3f38303
Size

330KB
Sample

241215-qya5gsvret
MD5

3217e1a8377eb0c1b0a9fbe3204ac5fe
SHA1

13e4aa49960e490ff6963a70a3147fa07af926c9
SHA256

4a32b95f5d2b586bb6b619d8c84a881fe239f199b7decb0a642eea30e3f38303
SHA512

8af80137d7855d92bee752c0e64f1a998dcf4e4669c719e4a6c96371469b9ac9374b6e0c5d2e91e152ad0d6047eeb2050c3da7f90ea4afa118b81e758b05a1fb
SSDEEP

6144:6zxy/CluUz7aC67nh3jhVVPE+O1voXc4:Cs/27a93tDO

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  4a32b95f5d2b586bb6b619d8c84a881fe239f199b7decb0a642eea30e3f38303
- Size
  
  330KB
- MD5
  
  3217e1a8377eb0c1b0a9fbe3204ac5fe
- SHA1
  
  13e4aa49960e490ff6963a70a3147fa07af926c9
- SHA256
  
  4a32b95f5d2b586bb6b619d8c84a881fe239f199b7decb0a642eea30e3f38303
- SHA512
  
  8af80137d7855d92bee752c0e64f1a998dcf4e4669c719e4a6c96371469b9ac9374b6e0c5d2e91e152ad0d6047eeb2050c3da7f90ea4afa118b81e758b05a1fb
- SSDEEP
  
  6144:6zxy/CluUz7aC67nh3jhVVPE+O1voXc4:Cs/27a93tDO
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan