smokeloader | 3478077ba1325b1b78f026b86271dfd41ebf844344d9829f66c7b317de737f3e | Triage

Sharing

General

Target

5dcdd9b2e6f81b11f4e4d0cb96709286deac6c8a8385d473f17d599ee55c150f.zip
Size

141KB
Sample

250306-em75asykx3
MD5

2e1de99ee3efc3bf1d730efb9ce6cb89
SHA1

810a766e9a7ab6f5129bbdb5793ddc2180100b2d
SHA256

3478077ba1325b1b78f026b86271dfd41ebf844344d9829f66c7b317de737f3e
SHA512

bc94d8dc9260b5de1dcfdc3a2d7ad339fbcde59445a2a86f1a102edc89e31e938f99aecb1353b99bdd81d9a02719320f3ce246206d7eb3dedb502de0e7d31947
SSDEEP

3072:QHfNEVz81SvNod3SemMgsuITmylE9KzcmgjHBuRQrNMqu3viwE0K4:6+Vz8uONr3g7I6n9Kzc1HBu+riqCiVH4

Score

10^/10

smokeloader 555 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

555

Targets

- Target
  
  5dcdd9b2e6f81b11f4e4d0cb96709286deac6c8a8385d473f17d599ee55c150f.exe
- Size
  
  242KB
- MD5
  
  09ad810630e8251be546dffede1480f3
- SHA1
  
  3e912255a14e30bc82a56d41ce3c3078bf0cd942
- SHA256
  
  5dcdd9b2e6f81b11f4e4d0cb96709286deac6c8a8385d473f17d599ee55c150f
- SHA512
  
  dedd8d91eade7680d454fb4cb315e104c79b8ded3e70fec01cbfaaf2b0235b2a43a5ad85e1ca58c3f1e4e417168dcf2a83a2a58966d9f8ad62c7f94d6108e2a4
- SSDEEP
  
  6144:IEZQdLhb/V7MB76567iM255WTHiNK3Lrje3Zwlku:zZWb/V7MBmjM2rAHl3vsZ
Score

10^/10

smokeloader 555 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader555backdoordiscoverytrojan