smokeloader | 98f5c79d10fc59739f9fb389dfa876d13d5635a28bd50d4e0982a4dae9e4a979 | Triage

Sharing

General

Target

98f5c79d10fc59739f9fb389dfa876d13d5635a28bd50d4e0982a4dae9e4a979
Size

114KB
Sample

241215-qysdrsvrfw
MD5

57caefe9fd23418f63d31d2bf81d6d4b
SHA1

7efca86946dab0aba317e15e0b0707f55b2367c6
SHA256

98f5c79d10fc59739f9fb389dfa876d13d5635a28bd50d4e0982a4dae9e4a979
SHA512

515de43e30bcf46ab60cdbe3a80c067693758d274888433d7bb67fcb4584d31bde2a96ac621758657e54a9f3bfa5934a8e6d4091c84f64be1131638a4a5237cf
SSDEEP

3072:YNg28kI2nkqaCY9GLje2hs+H9ZFMA/5RKMd5dOlIP5JdoC:YNgkhkqaOeMH9rMk5gMXcsVoC

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  44119c5cac7bb21e8d3ca60e92c53851447f4e5783e8b96718ed9dd6ef2fbc02.exe
- Size
  
  173KB
- MD5
  
  6649201835a85bdd9ebc28756c699dbc
- SHA1
  
  fd9bfdefe001182ee27070690e58aacb0074b92e
- SHA256
  
  44119c5cac7bb21e8d3ca60e92c53851447f4e5783e8b96718ed9dd6ef2fbc02
- SHA512
  
  53516bcf434ea2994f31e6f2f529d4ee6373c453ce5747793fb2c9801264130b5df6b1ca5c234f6428b4fd484102add3ab7b7b7dd4d2b3ded91c3e9f7d8edd10
- SSDEEP
  
  3072:BZFNLWYLQw96Y/zRPdUQDkl69BAJbZT0Q21DTZ8dg68j0R:HxLQw968pdDDTUJ9T61ROs
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan