smokeloader | c7a61edb509a5bc6a099859ebdd01312bb2e9b3a0f1312697b881a6125cafab6 | Triage

Sharing

General

Target

c7a61edb509a5bc6a099859ebdd01312bb2e9b3a0f1312697b881a6125cafab6
Size

105KB
Sample

241215-rknn4aymel
MD5

dedae5998c9aa4957714dc0714e4afc7
SHA1

e3d2772b40106dd5b5f8269f4bcbb48f08084386
SHA256

c7a61edb509a5bc6a099859ebdd01312bb2e9b3a0f1312697b881a6125cafab6
SHA512

f3184414eff97286388f6811220230cb190980d6e133cd8a3b771dcbe12bea0629ffb5d26ed030a390c23e8a6796f698a591aa6b94ad6a016d92fb96de387f98
SSDEEP

3072:wjP0BWEwRaM1plB5cJfpl3/yTiR/638KrwxUjRc0QN:REwMlafplWiRwwxUjfi

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  d36b798badd0779d0d164dfe1a653172d162fcad595f6b2e9fef24eddc37b78f.exe
- Size
  
  153KB
- MD5
  
  8b354ce32c6a8fb9a040d0c61c5036cd
- SHA1
  
  14be6d5a9928d078ca7aa30b477bc197ca29d9d9
- SHA256
  
  d36b798badd0779d0d164dfe1a653172d162fcad595f6b2e9fef24eddc37b78f
- SHA512
  
  89a61d9effa9889a787d1670cc94f1e24dfeb3f43a6244afd80ae1d6c2cc19a58bd8da4b97e4e986742f0630924cdec1777d4f271c597e850f8a481e150895ba
- SSDEEP
  
  3072:hktYLlihDE5z+kVyS0H8hxV2bywjDfxK7MjJjP1:FLlih+cr8hX0K7S9
Score

10^/10

smokeloader pub2 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoortrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan