smokeloader | 20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3 | Triage

Sharing

General

Target

20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3.exe
Size

312KB
Sample

250318-bxgtbavpz4
MD5

540326cdda418bc16b3ef5eb9f14b24a
SHA1

15085220874365e6c95cb501c7973fc34d9eb7fd
SHA256

20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3
SHA512

e9aa792cffd04362c0b64cdbe5d8ca04a6180f40f561376f4e825f6d290dca3742cdff783e7550b3815302d5b75d2846771815e3c8e22117019f39ec997da86b
SSDEEP

3072:PfQrW+DOwR/lV+ZYY+EXd839mWsmBz6rHXUYznNuOuK:mGSVO1W39rFz6zXUY7cI

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3.exe
- Size
  
  312KB
- MD5
  
  540326cdda418bc16b3ef5eb9f14b24a
- SHA1
  
  15085220874365e6c95cb501c7973fc34d9eb7fd
- SHA256
  
  20bade08687a1356c343a70a124e7441aa3f2c1824f50b77e552421ee61c3ba3
- SHA512
  
  e9aa792cffd04362c0b64cdbe5d8ca04a6180f40f561376f4e825f6d290dca3742cdff783e7550b3815302d5b75d2846771815e3c8e22117019f39ec997da86b
- SSDEEP
  
  3072:PfQrW+DOwR/lV+ZYY+EXd839mWsmBz6rHXUYznNuOuK:mGSVO1W39rFz6zXUY7cI
Score

10^/10

smokeloader pub1 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan