smokeloader | 36f6d1fd9f1d77f3982a3480dde844559ceac8378246c7adef58c689a58139ab | Triage

Sharing

General

Target

36f6d1fd9f1d77f3982a3480dde844559ceac8378246c7adef58c689a58139ab
Size

158KB
Sample

241215-rcvsfawnfx
MD5

f938296ea0084188fc8718328203d3f3
SHA1

dd2e3a15b9dd4d204df4feb969f52a80ae52dbe0
SHA256

36f6d1fd9f1d77f3982a3480dde844559ceac8378246c7adef58c689a58139ab
SHA512

c4bf7d3481fe67b4d7476a42e392a475c96590126382f0b768d160ea5d3d815eb7623ca404e4e67d402f80a2f9761ef875caaa3e710295803f653ac1b3aa448b
SSDEEP

3072:0tSTCEaObpdm6tC56EE7kc72AhowDD7TtZH8250RAAcIbQ9P3Kr9/focN049W10H:0kTbpdHCAzD72YrDD7TTc250RAFIc9J6

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  6e66d55cd25699c37ecb1df293cec91b7d65b855dca2738e0a21fa9c9d75b472
- Size
  
  260KB
- MD5
  
  9b8808042c38d9dcf2fde812022c977d
- SHA1
  
  1636f26de52796009338b301736396bac764bb21
- SHA256
  
  6e66d55cd25699c37ecb1df293cec91b7d65b855dca2738e0a21fa9c9d75b472
- SHA512
  
  2e4fc25e4a8eeb7eb775aba808115490dedc1c33332cd6c31b7902d638efa97e09b3cd3b6fe2479cb74ce56515af8bf2b2dce3c313565f84652c2adfb14cd67a
- SSDEEP
  
  3072:otzWymBhk5wLO45nPcz5KkzJ3qiDD7TtZH8250RAApMbkYyxJZM/h3:vymBO6Lv5nz6jDD7TTc250RAAakL9
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan