smokeloader | d874c5f6b10e26cfd96af59be1a40b173d0614770703a36fb84dd855900fd78c | Triage

Resubmissions

24-01-2025 23:30

250124-3hgcsatray 10

09-04-2024 08:35

240409-kg6xyaag48 10

09-04-2024 08:35

240409-kg2m8aea6s 10

09-04-2024 08:35

240409-kg12paag46 10

09-04-2024 08:35

240409-kg1qxsag45 10

23-02-2024 00:53

240223-a8rxzsha6z 10

22-02-2024 06:18

240222-g2y62sdc6x 10

Sharing

General

Target

d874c5f6b10e26cfd96af59be1a40b173d0614770703a36fb84dd855900fd78c.exe
Size

141KB
Sample

250124-3hgcsatray
MD5

3151d44dd03886e5f64f34481b116c81
SHA1

ebef87d5fd54925493385fbff5ba4d175c046fbc
SHA256

d874c5f6b10e26cfd96af59be1a40b173d0614770703a36fb84dd855900fd78c
SHA512

6ebcb293583a6858a023bf71a347783b788064f9415421503155e2f87426ff52d7881f2a680331d4332e4062153901295f4b92771a1afd527624bb15230bbcc6
SSDEEP

3072:p13jvfNcgSRb5hPi9OTtA5HljuEa9ckZKD4Xxh:bTX2gSJL3t0HlyEa9cM

Score

10^/10

smokeloader backdoor discovery persistence trojan

Malware Config

Targets

- Target
  
  d874c5f6b10e26cfd96af59be1a40b173d0614770703a36fb84dd855900fd78c.exe
- Size
  
  141KB
- MD5
  
  3151d44dd03886e5f64f34481b116c81
- SHA1
  
  ebef87d5fd54925493385fbff5ba4d175c046fbc
- SHA256
  
  d874c5f6b10e26cfd96af59be1a40b173d0614770703a36fb84dd855900fd78c
- SHA512
  
  6ebcb293583a6858a023bf71a347783b788064f9415421503155e2f87426ff52d7881f2a680331d4332e4062153901295f4b92771a1afd527624bb15230bbcc6
- SSDEEP
  
  3072:p13jvfNcgSRb5hPi9OTtA5HljuEa9ckZKD4Xxh:bTX2gSJL3t0HlyEa9cM
Score

10^/10

smokeloader backdoor discovery trojan persistence
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverypersistencetrojan