smokeloader | 582c0376a6ac0ff2f2c4b27bbedd6b0427413d2dba8bee60b7a15cf021eb74eb | Triage

Sharing

General

Target

582c0376a6ac0ff2f2c4b27bbedd6b0427413d2dba8bee60b7a15cf021eb74eb
Size

159KB
Sample

241215-rf5f2sylcp
MD5

4b8c8a85817cfb51c8a04a4eb9d99805
SHA1

487bc08636c28589b61a8e36be36dbf0ef24ec4b
SHA256

582c0376a6ac0ff2f2c4b27bbedd6b0427413d2dba8bee60b7a15cf021eb74eb
SHA512

967b7e95fa3686b5948469e2c52a2ba3036a77613f44e9fbb64d6cbb4becda9b741e954415580fa5e5a110591b3d38a38447abbbd41c0fbdf82dc2e3df0cdcbe
SSDEEP

3072:b2PH2cUi9QWnLxt1Jygq/lFyAmhSy6ojZfGXQwMU109P2:b2+cU8Q6x9ygq2zfuXXMUG9P2

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  721e94645d4d519ac21ec89727e4f323e0e2725f144a563636c5d14e91075aff
- Size
  
  260KB
- MD5
  
  2d549580277e88c7c63ff6675e1f2366
- SHA1
  
  0068f539d8651c8f3fa49c99f21f614ed03f169d
- SHA256
  
  721e94645d4d519ac21ec89727e4f323e0e2725f144a563636c5d14e91075aff
- SHA512
  
  88ef7e791f1e049b86d79b5fe195c9dfe71ab5a37a869a56359d575dc01472e074e9ceec47aa0730b4efd1dff584f64af1ff6c8337b2f3048f639e5e99fa394a
- SSDEEP
  
  3072:0FMvBpGl8HLnr7Buz5SjS5aFo6zt/lFyAmhSMzlRTHNWM/h3:RvBE+HLr7ZjqaFo6zt2XzzTHNW
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan