smokeloader | be09ac01404b9a32552b8bea765128a3e197a4bf77e909892d00aa2d157d6871 | Triage

Submit
Reports

Overview

overview

Static

static

7

be09ac0140...71.exe

windows7-x64

be09ac0140...71.exe

windows10-2004-x64

Sharing

General

Target

be09ac01404b9a32552b8bea765128a3e197a4bf77e909892d00aa2d157d6871.exe
Size

103KB
Sample

250206-h2mnpaxlas
MD5

b53bbcfca226226405217bba4f8b2532
SHA1

6a84eb91adb4ec5b3b18929fb5e0bfd39cc41fb2
SHA256

be09ac01404b9a32552b8bea765128a3e197a4bf77e909892d00aa2d157d6871
SHA512

f8b51680dbca520ed6877ca5cc1a003258a03bdd802c69985d658375562608c004084463363c9a2ed92b7552c36ba729b1863a1693990186e0f188ff3cc1ec86
SSDEEP

1536:KOhk60PnYkfH77Xcsg23bH/0cRDrKOyaxPoWvVVZ5ElaSePrpf3n3:HuJ/hRvg2TzEla3PVH

Score

10^/10

smokeloader backdoor discovery trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

be09ac01404b9a32552b8bea765128a3e197a4bf77e909892d00aa2d157d6871.exe

Resource

win7-20241010-en

smokeloader backdoor discovery trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

be09ac01404b9a32552b8bea765128a3e197a4bf77e909892d00aa2d157d6871.exe

Resource

win10v2004-20241007-en

smokeloader backdoor discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  be09ac01404b9a32552b8bea765128a3e197a4bf77e909892d00aa2d157d6871.exe
- Size
  
  103KB
- MD5
  
  b53bbcfca226226405217bba4f8b2532
- SHA1
  
  6a84eb91adb4ec5b3b18929fb5e0bfd39cc41fb2
- SHA256
  
  be09ac01404b9a32552b8bea765128a3e197a4bf77e909892d00aa2d157d6871
- SHA512
  
  f8b51680dbca520ed6877ca5cc1a003258a03bdd802c69985d658375562608c004084463363c9a2ed92b7552c36ba729b1863a1693990186e0f188ff3cc1ec86
- SSDEEP
  
  1536:KOhk60PnYkfH77Xcsg23bH/0cRDrKOyaxPoWvVVZ5ElaSePrpf3n3:HuJ/hRvg2TzEla3PVH
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan

© 2018-2025

Terms | Privacy