smokeloader | dd5f9fbc7ed26e60882abf776a21609355253fc0b7987e1aba3b4bf5c5fbdccb | Triage

Sharing

General

Target

dd5f9fbc7ed26e60882abf776a21609355253fc0b7987e1aba3b4bf5c5fbdccb
Size

333KB
Sample

241215-rbjnsawncv
MD5

bee4f8681f3ed92bda1b38daa10caab9
SHA1

373b9ec91bc795eb4641b62c777f3dca57c26b62
SHA256

dd5f9fbc7ed26e60882abf776a21609355253fc0b7987e1aba3b4bf5c5fbdccb
SHA512

3be63511db13ef26100647ef8a0369bde3b3aeb823a841424480d38c3cf086b8fb37aad269e46d2def59fa8e260bff8436adb6bde97adae85ed0da47d6cb627b
SSDEEP

6144:hiwu+z5m2KQkKmStZ0aquVZVe+Hjh+3oQ9gOU+fzYQ:FuS2KH0U/VPc9g

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  dd5f9fbc7ed26e60882abf776a21609355253fc0b7987e1aba3b4bf5c5fbdccb
- Size
  
  333KB
- MD5
  
  bee4f8681f3ed92bda1b38daa10caab9
- SHA1
  
  373b9ec91bc795eb4641b62c777f3dca57c26b62
- SHA256
  
  dd5f9fbc7ed26e60882abf776a21609355253fc0b7987e1aba3b4bf5c5fbdccb
- SHA512
  
  3be63511db13ef26100647ef8a0369bde3b3aeb823a841424480d38c3cf086b8fb37aad269e46d2def59fa8e260bff8436adb6bde97adae85ed0da47d6cb627b
- SSDEEP
  
  6144:hiwu+z5m2KQkKmStZ0aquVZVe+Hjh+3oQ9gOU+fzYQ:FuS2KH0U/VPc9g
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan