smokeloader | 1118a93cc63a70ba8348182f7012ddbeecf890345941c82376ac967faf55a295 | Triage

Sharing

General

Target

svc1.exe
Size

112KB
Sample

250204-y9w54asneq
MD5

5c1afd27623185ab5fafe9753c2d92db
SHA1

29e05c0f600190f91bd4709b2bb0a9aba41590b2
SHA256

1118a93cc63a70ba8348182f7012ddbeecf890345941c82376ac967faf55a295
SHA512

05b89fc0ec46cfc49a02c9b3042e3f763afbea34e559eb8687b68e1fb2c7c16efec8c5ee6b2a09f8ee2d6d415a871d47a4d8f065aa40634c946ac1873185cd96
SSDEEP

3072:JAZhRxolxAMMnyrYfKsvWfRaY/UvrYDCQ8/kQ:JahKzChWcisYDC9/kQ

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  svc1.exe
- Size
  
  112KB
- MD5
  
  5c1afd27623185ab5fafe9753c2d92db
- SHA1
  
  29e05c0f600190f91bd4709b2bb0a9aba41590b2
- SHA256
  
  1118a93cc63a70ba8348182f7012ddbeecf890345941c82376ac967faf55a295
- SHA512
  
  05b89fc0ec46cfc49a02c9b3042e3f763afbea34e559eb8687b68e1fb2c7c16efec8c5ee6b2a09f8ee2d6d415a871d47a4d8f065aa40634c946ac1873185cd96
- SSDEEP
  
  3072:JAZhRxolxAMMnyrYfKsvWfRaY/UvrYDCQ8/kQ:JahKzChWcisYDC9/kQ
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan