smokeloader | e2f1d73b9f53bb67d06db93685649c3aba016659bcb79b6e3c18d05423aed0e6 | Triage

Sharing

General

Target

e2f1d73b9f53bb67d06db93685649c3aba016659bcb79b6e3c18d05423aed0e6.exe
Size

108KB
Sample

250113-qqnqlswkgm
MD5

67669172a766fa3e25bf730b2d5ff532
SHA1

55c578be1300784ef448cf04b69881d4690553bb
SHA256

e2f1d73b9f53bb67d06db93685649c3aba016659bcb79b6e3c18d05423aed0e6
SHA512

2ac0bf764021937d798d397054fcb464aa06da611c7e000a957357721af31e75277ab4869966bdf52276d13951330f39c46c3a00f0193f21a34ae94131c80250
SSDEEP

1536:SrTOCL3hT4oEq6mTcY5sdq2C2I1XDG8310/NW9c4lbpA:GOCLx0oEMcY5y7mzGlyc4J+

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  e2f1d73b9f53bb67d06db93685649c3aba016659bcb79b6e3c18d05423aed0e6.exe
- Size
  
  108KB
- MD5
  
  67669172a766fa3e25bf730b2d5ff532
- SHA1
  
  55c578be1300784ef448cf04b69881d4690553bb
- SHA256
  
  e2f1d73b9f53bb67d06db93685649c3aba016659bcb79b6e3c18d05423aed0e6
- SHA512
  
  2ac0bf764021937d798d397054fcb464aa06da611c7e000a957357721af31e75277ab4869966bdf52276d13951330f39c46c3a00f0193f21a34ae94131c80250
- SSDEEP
  
  1536:SrTOCL3hT4oEq6mTcY5sdq2C2I1XDG8310/NW9c4lbpA:GOCLx0oEMcY5y7mzGlyc4J+
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan