smokeloader | f4359cd3ddf87d76b0fa4e659ce583c0f8b619e1779daba576e0f00fc42eb011 | Triage

Sharing

General

Target

f4359cd3ddf87d76b0fa4e659ce583c0f8b619e1779daba576e0f00fc42eb011
Size

105KB
Sample

241215-r17rxaxlcw
MD5

8517ea4f241bbab1464ba8f0b88b5a4f
SHA1

a9016e0f4d3400c9d04e571feef9dc7f33c49489
SHA256

f4359cd3ddf87d76b0fa4e659ce583c0f8b619e1779daba576e0f00fc42eb011
SHA512

5a2d4c5f5e640f3b80b4da3def043ee784c5ce111462368ca622c947fee5d6df4764ff784b8f5599a20c7b8487e0c3a28fc4c9dc5831af1076055ffffab473fb
SSDEEP

3072:gZUTlgCUTXh6+aLm6FLldOGscpMfY7/07pMQKHMYCSscTo:gygCEx6+ar0e7/0XKsYCSDo

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  859db3c6bd0a7606f70fdfbc3fac7c7a6bbdc8cfed3de3db9476d5c8e462eaf5.exe
- Size
  
  154KB
- MD5
  
  559da814e4ed045255cb44611490f1ad
- SHA1
  
  de7f9aee9f2e73270650076f9d2794a45b841ed1
- SHA256
  
  859db3c6bd0a7606f70fdfbc3fac7c7a6bbdc8cfed3de3db9476d5c8e462eaf5
- SHA512
  
  d2cda3733175985ea1dd0092b77f947360cdf01abf582381d33adb112a4f2958b9a2c10355a97f3c0c362d3a4c533538cdf99f70bf5334e0c4a6b835f044d09d
- SSDEEP
  
  3072:bYbmLFcCJ6q58QcV2J9Vi6KPwpTMtUwvJrJ:FLFcCJa7UliPwpwe25
Score

10^/10

smokeloader pub2 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoortrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan