smokeloader | 39048a8ad7f6e7c1f7f11dda969257077cce4c3ddb24820d01c93a03316aecba | Triage

Sharing

General

Target

39048a8ad7f6e7c1f7f11dda969257077cce4c3ddb24820d01c93a03316aecbaN
Size

108KB
Sample

250113-cwlasatnfm
MD5

be91876e5bb2b4ef78272532312e82a0
SHA1

4f8748a8c75e9f83df0f830c044dd481b248a2b5
SHA256

39048a8ad7f6e7c1f7f11dda969257077cce4c3ddb24820d01c93a03316aecba
SHA512

06f11ef2c44e31c938977eb7cffdc7220705b1f3e86c781caa7325f1fe3529412affd1327913c1a08e2d1c5ff2172fc07c37b456956ec856c839cab76f1add7b
SSDEEP

1536:SrTOCL3hT4oEq6mTcY5sdq2C2I1XDG8310/NW9c4lbp:GOCLx0oEMcY5y7mzGlyc4J

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  39048a8ad7f6e7c1f7f11dda969257077cce4c3ddb24820d01c93a03316aecbaN
- Size
  
  108KB
- MD5
  
  be91876e5bb2b4ef78272532312e82a0
- SHA1
  
  4f8748a8c75e9f83df0f830c044dd481b248a2b5
- SHA256
  
  39048a8ad7f6e7c1f7f11dda969257077cce4c3ddb24820d01c93a03316aecba
- SHA512
  
  06f11ef2c44e31c938977eb7cffdc7220705b1f3e86c781caa7325f1fe3529412affd1327913c1a08e2d1c5ff2172fc07c37b456956ec856c839cab76f1add7b
- SSDEEP
  
  1536:SrTOCL3hT4oEq6mTcY5sdq2C2I1XDG8310/NW9c4lbp:GOCLx0oEMcY5y7mzGlyc4J
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan