smokeloader | 7919a5fb7196f86c18534b05b4ad8b76bad0c513b8af8964754acedabec6310f | Triage

Sharing

General

Target

7919a5fb7196f86c18534b05b4ad8b76bad0c513b8af8964754acedabec6310f
Size

126KB
Sample

241215-re7j1swpev
MD5

c0e0ec0312f9ce49032ef6598a816461
SHA1

c11bd0621fd8db420fd8049085f0da2476f5cad6
SHA256

7919a5fb7196f86c18534b05b4ad8b76bad0c513b8af8964754acedabec6310f
SHA512

b044cb37913594009c793b3f585d43d9af95fad17e9045b88c24b5be1f69c0fef78f9a09f79e5c3bb3131baba27aa0c1fca5d1d4f38b463ec13404fe585a0186
SSDEEP

3072:+zxyWpaKHjenY/dBrgYDRYJ5dEDISmsJf68gn1wrE3eLW90Gl:kxyOainDReEsBsAf1wc8kl

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  9766403be607ff4dc71a1f9fa99121063534f5a8e26b91385938a2ae6a0ab93a
- Size
  
  200KB
- MD5
  
  a2451a046a9d366e158b7bbd8754564f
- SHA1
  
  44623c58042f5026eb7dff7c060b320809e90755
- SHA256
  
  9766403be607ff4dc71a1f9fa99121063534f5a8e26b91385938a2ae6a0ab93a
- SHA512
  
  f9f55008ea67fcaea14d2fe9a4335ed185fe0d73ffd0e9c6c13b3f88f86cce1353b754ccf26901986850609b98f4253c56d2583d61b8642fb3a6919ca6d4506a
- SSDEEP
  
  3072:vfHbgaIuwv4Ll8GGWDm0AS1SPYAUrhzMN7JzMg1M+JqOe7r83:Hb4gL2W60h1S0w3zMg1RJq5r8
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan