smokeloader | 9e80f9d63be61c461efcf6a0027a22603e215f06f97db8e398d4be5e1d9a47b9 | Triage

Sharing

General

Target

9e80f9d63be61c461efcf6a0027a22603e215f06f97db8e398d4be5e1d9a47b9
Size

158KB
Sample

241215-rfvxlsylbq
MD5

cee102159a9fcee475277223438413c5
SHA1

6d15687c2fbebaae3f8377f69dabae736fb2c36d
SHA256

9e80f9d63be61c461efcf6a0027a22603e215f06f97db8e398d4be5e1d9a47b9
SHA512

29725994529a42233034f683ab33be3a2bf5721a4085d4f7da973f9e00d78f54aa3cc2cb5583a2e42d5526a734cf83586fa47fe8ee067f07e59aa807cbd695c9
SSDEEP

3072:PXqBzWlYOAIfAzqilosisi9RMcEbaDAoVwOT7zIIp1ezJyP3/nVXSa0:PqBze7fAzqKdi9RNMub784UFy3VCa0

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  ae3ccf25f2d5fae7e8f70542053bfad99a32ee295593ba10ec2c4250476f653f
- Size
  
  259KB
- MD5
  
  b732ae631cb2376d1886f4cfaa5c59c9
- SHA1
  
  be4c458caf07c2c04bcce3b8c094ce5bad07cc96
- SHA256
  
  ae3ccf25f2d5fae7e8f70542053bfad99a32ee295593ba10ec2c4250476f653f
- SHA512
  
  a53c66a380c0f242b1caa60ccbf58216452dd3596c228fdaf7f23a6a4ec70b8ca13616a9434325f5be9a064941c5ded4d3ff88ce0e11cf31637c7e91e713d84d
- SSDEEP
  
  6144:MCB3OL4E9AX4/fwRNMub784QRvJOY/VV7:zBeUE9gcW2x1DtV7
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan