smokeloader | 410e9b45e6ba84e2be11cd892909558d15b4d8f8534a2f3334e0d835d6005e36 | Triage

Sharing

General

Target

410e9b45e6ba84e2be11cd892909558d15b4d8f8534a2f3334e0d835d6005e36
Size

159KB
Sample

241215-rcdh6ayjhj
MD5

b1146e18734179d4a4cce111c2de7643
SHA1

2779530a1e318754a55f3553ba89e5ed38e3001f
SHA256

410e9b45e6ba84e2be11cd892909558d15b4d8f8534a2f3334e0d835d6005e36
SHA512

6c491673defa01fdff2e6b3714c0e24e4835fbb53b63cf7386c53f8364e3e05cf3d8f414b13eaee107ebf7c8ed035bccf489f93e8a8d1c7116c9230a12f18549
SSDEEP

3072:2uTFm82pqZkqb137jdLWfcOWw+MtiLZIRyQellzjh+uFsiKgpcsmhj:2KcEZR37jUcLMtiLZIUll1hfZXpcsmhj

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  0da9ea842da272fe2101dfa5062bf5755c4940fc3371dc53cee5e4c66afa24b2
- Size
  
  261KB
- MD5
  
  2e8240df083c3e76b535b8e74870204a
- SHA1
  
  d4a9b4c65e6ea4b6fef66b9f691e7788a1aefa19
- SHA256
  
  0da9ea842da272fe2101dfa5062bf5755c4940fc3371dc53cee5e4c66afa24b2
- SHA512
  
  b27d406195ae0afa6787c0f64c0ca5fa92b15129db29711f528a934e7db446914d35cd7329d52811d40b4fcfb7b20beaed5d221687076edb5660d48e735f4921
- SSDEEP
  
  3072:+bRgGMBJlNQbcL0rGZYhz5Kisc3zSrBqdOWw+MtiLZIHLoOruV0yM/h3:jVBLObcL0iZgsmHdLMtiLZIHxruVf
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan