smokeloader | da437f886778242b81344dd23b14d93327081619590c51fcbafda005c3822b82 | Triage

Sharing

General

Target

da437f886778242b81344dd23b14d93327081619590c51fcbafda005c3822b82
Size

210KB
Sample

241215-r4wttaxmat
MD5

fef8c2d72a6131fb1edbc9465f235869
SHA1

59aba35af3e948a699e6fc647ed75bc8b0acf6ec
SHA256

da437f886778242b81344dd23b14d93327081619590c51fcbafda005c3822b82
SHA512

f8e4db9f5d64a7ee170881b6c50e0e9fbbd4ffb7cf3d7c56998ee738f8807202e320be95d9dbfa9690b8e1098a04ca7bc2cb3ea5025ca6f36abd2a47428f3849
SSDEEP

3072:SPhJ/nLul9GTbDF7aHF9ri/kZzieeEgevGCjU9N8UUB:gnqvGvF7aHF5iUSev5jU9N4

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  c85b2fc8a9c75b9fbe15f67bba86a9861a67c807e320b79c54a54acc9f7b2695.exe
- Size
  
  315KB
- MD5
  
  1127b0ea16edeb888968b19c28f45c8e
- SHA1
  
  908f18876f26f76474e0c628244cf485982475ed
- SHA256
  
  c85b2fc8a9c75b9fbe15f67bba86a9861a67c807e320b79c54a54acc9f7b2695
- SHA512
  
  12737c4f60e9a49400673c9d1d5e73d4e4495b95641e6a70ae3518d9b9925ba16daa95557cad61f71780f746c2a3f4d8d6aa69eea3c5dd29520e445c2cccf206
- SSDEEP
  
  6144:40GcRLRoPgy3hTLPNoY8bkn3UomRaEeLEn2E1aJ:43UNoPPhFo9k3UhRaBLUv
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan