smokeloader | 38f0a08d54942bddaa52759b1b4447d407ee02407446230124971d20b472816d | Triage

Sharing

General

Target

38f0a08d54942bddaa52759b1b4447d407ee02407446230124971d20b472816d
Size

199KB
Sample

241215-rc7f8swngx
MD5

6d4828dafed5c3f706de5ec744248e43
SHA1

fc8d982965eb9edb18c8960fde532d96b55984a0
SHA256

38f0a08d54942bddaa52759b1b4447d407ee02407446230124971d20b472816d
SHA512

f5fdefb581bcc88612249518e2d09c1e278e90d324f2cc35bd03e1a60a5169c44aa6fe2c400846fff18c5130d7d14a73c8e937f97b648179f7a43ed416443831
SSDEEP

6144:MSCIpFr5X/OlL5YQh1QSkMJUiqMJ5JDS3:McpFrtOLTQmmMTS3

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  cced13549d1dc6d9e54b540e834073a279a413257d5609ab7223aab9845897d1.exe
- Size
  
  291KB
- MD5
  
  b48bec1475c20a3add16b3f1a7c14fb3
- SHA1
  
  1b3cd8a20d4b5e2dbac7cde25b2b56da751f467b
- SHA256
  
  cced13549d1dc6d9e54b540e834073a279a413257d5609ab7223aab9845897d1
- SHA512
  
  dcc10fdad011b45b29240d406b409182864cffafe6fc7a0c8f2dcb5424db49a1f3604c3cce990c14363110e58cd4b7fbf864922f3f3e20d2097819a608763756
- SSDEEP
  
  6144:B9fL5h2Kk0OOJbuTlTV97C0/HB6NnigabwVf:B9fth2Kk0OiKf/ei
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan