smokeloader | 5ed18c9f11e3d402241c2fffe8d5f2b05676b89177a1b46f897801b649bf9d67 | Triage

Sharing

General

Target

5ed18c9f11e3d402241c2fffe8d5f2b05676b89177a1b46f897801b649bf9d67
Size

110KB
Sample

241215-rdq6mswpaw
MD5

218dd8b4adb6a3dfafb2066640ec3fae
SHA1

d315c38fc488825d2a83a5e735776261676309e4
SHA256

5ed18c9f11e3d402241c2fffe8d5f2b05676b89177a1b46f897801b649bf9d67
SHA512

83f44f9a54403b7a27f7db50b08e9a2b75dd52ce34ccd1c89a17df8294775dc4d06cca980c4842cdb3d6007bac69a976f9755aa382dd34ab91f7fb9ae681f095
SSDEEP

3072:bwI3ObDv1i5lM8jrjgtYr8/PTlawPCiB7Hs7eF4lI:Z3ONi4Ivb+7loGHsuZ

Score

10^/10

smokeloader pub4 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Targets

- Target
  
  8c581202747daa219075922ba25c3f2027c951c7a10e69a0fec5e603d1a3dfa7
- Size
  
  161KB
- MD5
  
  cea76de7e11f0c2a62547ec2711803f3
- SHA1
  
  4127c4d3569576be556a2bea80882a6bed97733e
- SHA256
  
  8c581202747daa219075922ba25c3f2027c951c7a10e69a0fec5e603d1a3dfa7
- SHA512
  
  a93948ab5e8284cbfa1b8f6075debf87a3dcf5a3c80f1d808faee9005c19496cb20eae708279c0996d8b89a1ab9b7c16d83cdc524df11f714c9135fd4bb48117
- SSDEEP
  
  3072:OYhqx4Ko+Tcid5iJQ4U1FiWtkg6fa2vwv72246JSZ:O3XoYcLJQVknlvyq246JSZ
Score

10^/10

smokeloader pub4 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub4backdoordiscoverytrojan

behavioral2

smokeloaderpub4backdoordiscoverytrojan