smokeloader | 842975d72b54148e3236403e27c424c463a69defc6da2cf596aa4e57f4611d09 | Triage

Sharing

General

Target

842975d72b54148e3236403e27c424c463a69defc6da2cf596aa4e57f4611d09.exe
Size

323KB
Sample

250107-wannka1nfy
MD5

b1473d6c76b7b276d5ce00ef49ae1d91
SHA1

5810d7f31e6275781a22b0b9cad1f378552250e2
SHA256

842975d72b54148e3236403e27c424c463a69defc6da2cf596aa4e57f4611d09
SHA512

18e0f938585e86a76f50990b9c01856caaf19e3a9e6160c2e5f8fce499e33029e7788acd4827f0c22d2db4853a0bc57ac43bd850201a04685179d030435ae05b
SSDEEP

3072:ssENKpXa+1pfbz2LjiLd25d1rJjnE3z6x8EzY4a9APmawcTVsPHepf:s2XFjfbiLjiLd21lIz7qLaGujf4f

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  842975d72b54148e3236403e27c424c463a69defc6da2cf596aa4e57f4611d09.exe
- Size
  
  323KB
- MD5
  
  b1473d6c76b7b276d5ce00ef49ae1d91
- SHA1
  
  5810d7f31e6275781a22b0b9cad1f378552250e2
- SHA256
  
  842975d72b54148e3236403e27c424c463a69defc6da2cf596aa4e57f4611d09
- SHA512
  
  18e0f938585e86a76f50990b9c01856caaf19e3a9e6160c2e5f8fce499e33029e7788acd4827f0c22d2db4853a0bc57ac43bd850201a04685179d030435ae05b
- SSDEEP
  
  3072:ssENKpXa+1pfbz2LjiLd25d1rJjnE3z6x8EzY4a9APmawcTVsPHepf:s2XFjfbiLjiLd21lIz7qLaGujf4f
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan