smokeloader | b6864ad94a236fef782b2ec2718548623c386608f84ca59e64b0e18740225906 | Triage

Sharing

General

Target

b6864ad94a236fef782b2ec2718548623c386608f84ca59e64b0e18740225906
Size

115KB
Sample

241215-r64mfaxmes
MD5

14696b764f0adabbd852280e7f9900e3
SHA1

92c99d7a5cd8049eda23d66ec6c6198d6b5081c8
SHA256

b6864ad94a236fef782b2ec2718548623c386608f84ca59e64b0e18740225906
SHA512

76f22ba6f63c24c2a481cb68f212fa9029a4ab7d470a27afd245860d1c7f354765c17a1ef027bb8c816505eb1911d998f0d7da50379edcf011bbac093119d6db
SSDEEP

3072:AUCTEatTXD8m/4AVtN1y7Fyw725++IYvtjlSsAW:AHgatbDfVSFy2+jSs

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  3f5f2f72994f7d3c24b93fbf7061fd81a02957c53c8c9baf92be1f44430b3aff.exe
- Size
  
  173KB
- MD5
  
  776411c41ad36b6a973e9fbf34586ab9
- SHA1
  
  9afabe1c1cc82bfdfdecfed8f596a3b892df64d3
- SHA256
  
  3f5f2f72994f7d3c24b93fbf7061fd81a02957c53c8c9baf92be1f44430b3aff
- SHA512
  
  e36f14597e2720671018d55ea7b119eadca3b7cbafe2d6e038503be8ad0641f0f5b8d473fbd4293a2a0e51df652d98129206d973a46aa658b29ea240705ab141
- SSDEEP
  
  3072:JOd6f37LYfIhVhA7/xRy081JjKXOw8NgvEtSCCYJzJfu:c2LYfIhVhA721QXBCtSC5Jf
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan