smokeloader | a155c38fa6f003c89d32079c04334a257ea4ad9833664626e5c2bbd4ddbb3e24 | Triage

Sharing

General

Target

a155c38fa6f003c89d32079c04334a257ea4ad9833664626e5c2bbd4ddbb3e24.zip
Size

326KB
Sample

250326-2mdxsawps3
MD5

86d74de5dd6be08e8d39628a29cdcb86
SHA1

75fbbc1739ee51fb738265119527904c9e514698
SHA256

a155c38fa6f003c89d32079c04334a257ea4ad9833664626e5c2bbd4ddbb3e24
SHA512

e66e490e2d0995d4150df7d638438e9269e43e8631a69f9e89c01bef13e535746bab73e06e1adcabcd9d403f33d848f4d5caa40a2566065fedcc8a84dd20eedd
SSDEEP

6144:fPykTnb5p/Ce0thSW3IXnpv1k2pjiTSbXTzB6NyzRpCvyd6A:fPXTn//Ce0zSIapv1k2pjiubx6N2RpkE

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  243915f58ee0b47ad8f4972192a2634781e7beb3cec92999f2d48fba3ee08b2b.exe
- Size
  
  460KB
- MD5
  
  33eb55a002f0da6c775958fbefd39a3a
- SHA1
  
  6e2042d7e7bb4eabee4cd68820d74a96ae84437c
- SHA256
  
  243915f58ee0b47ad8f4972192a2634781e7beb3cec92999f2d48fba3ee08b2b
- SHA512
  
  f9fded9865fa1d4ebd987c3c4e8334c4b61d793d3ab1a3fb009ba24bd8e5c47e119a1e86cd7e7e511e973c7dba6a855a2a4a41efe257308b02f235e100fdae33
- SSDEEP
  
  12288:Ya+XwNiB5rd6i9CkJPEcXgqAY2+o8z/78:SgNiDrIiRJ/PrRzw
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan