smokeloader | 72e126ee57a938fc41d5e1b3242354ec2172d7d4fdeb599409b7733624461bd7 | Triage

Sharing

General

Target

72e126ee57a938fc41d5e1b3242354ec2172d7d4fdeb599409b7733624461bd7
Size

293KB
Sample

241215-rf2p6awpgz
MD5

a39a593847aec5da6930cadb4396bc43
SHA1

f1f8109190ded61e34cbf0167bef7011dc8bce28
SHA256

72e126ee57a938fc41d5e1b3242354ec2172d7d4fdeb599409b7733624461bd7
SHA512

1802cab025c25e36b0967cef21c94e44b01b1074f0be82a20dd26a9feb9799e424a22487a58c090cbe09c6d2e38710e86f8ab2a93f282c493bc7fe520172fab5
SSDEEP

3072:hiw4BLX97EhE0E+c6mnjpz0e0sxkgaBChUpZa9uD6Vdyhk:hwX9whE0E+c6mlAeBiga3wVf

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  72e126ee57a938fc41d5e1b3242354ec2172d7d4fdeb599409b7733624461bd7
- Size
  
  293KB
- MD5
  
  a39a593847aec5da6930cadb4396bc43
- SHA1
  
  f1f8109190ded61e34cbf0167bef7011dc8bce28
- SHA256
  
  72e126ee57a938fc41d5e1b3242354ec2172d7d4fdeb599409b7733624461bd7
- SHA512
  
  1802cab025c25e36b0967cef21c94e44b01b1074f0be82a20dd26a9feb9799e424a22487a58c090cbe09c6d2e38710e86f8ab2a93f282c493bc7fe520172fab5
- SSDEEP
  
  3072:hiw4BLX97EhE0E+c6mnjpz0e0sxkgaBChUpZa9uD6Vdyhk:hwX9whE0E+c6mlAeBiga3wVf
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan