SmokeLoader Evolution Through The Years

July 3, 2024, 12:23 p.m.

Description

This report provides an in-depth analysis of the evolution of SmokeLoader, a prominent malware downloader that has been active since 2011. It examines the significant changes and improvements introduced in SmokeLoader versions from 2015 to 2022, including updates to its communication protocol, encryption algorithms, anti-analysis techniques, and overall sophistication. The report delves into the malware's ability to evade detection, highlighting its adoption of advanced obfuscation methods, such as code permutations, opaque predicates, and stack-based obfuscation. It also discusses SmokeLoader's improved capability to detect and avoid security products, as well as its implementation of various injection techniques to execute its malicious payload.

Date

Published: July 3, 2024, 11:54 a.m.
Created: July 3, 2024, 11:54 a.m.
Modified: July 3, 2024, 12:23 p.m.

Indicators (SHA-256 file hashes)

fc20b03299b8ae91e72e104ee4f18e40125b2b061f1509d1c5b3f9fac3104934

d5efd66f54dce6b51870e40a458fa30de366a2982ab2f83dddff5cb3349f654d

e92d1c2c1e145c1d6c42dd402e75f46e5edfb2bab5539c4d103d345b5ac965a3

c78bc4fb8955940b3ac9b52cb16744a61f8bdaf673fd64fc106465241c56cc6c

7377efde4e4e86650ab8495f57ab4a76d4f8efe31e2962305b8c42a6cee70454

b6ec96043dba7722cac4ed24b6979fc71a758bdf18ca44353c19194c172bf621

857fc7aafbbf0d4c850c1b1585a72420600bdabe269f343c0c817614aa6c94cd

5727c2cd54b8408ca0f8e943cad61027a2c3d51da64f2f1224a6b9acc4820f8e

32ba1f3b96cf77a08c041d4983d6afa7db8e1948d27d6a8dd55b7bb95e493189

18aa1b79bbeee6a731b897377233d54b1b2464eeb9a25dafc0debfc43af8c04f

070a94ee0cd9ac1b1ed467353f5731e09cab136315447c04f53bc52d4fe3f8cc
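The practical use of a hash list like the one above is a sweep: hash every file under a path and flag anything whose SHA-256 appears in the list. The following Python is an added example and is not part of the original report; the indicator set is copied verbatim from the Indicators section, while the sweep logic and the placeholder files written by demo() are constructed for this example and are not SmokeLoader samples.

```python
"""Sweep a directory tree for the SmokeLoader SHA-256 indicators listed on this page.

Added example; it is not part of the original report. The indicator set is
copied from the page's Indicators section; everything else (the sweep logic
and the constructed demo files) is an assumption of this example.
"""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# SHA-256 digests copied from the page's Indicators section.
SMOKELOADER_SHA256 = frozenset({
    "fc20b03299b8ae91e72e104ee4f18e40125b2b061f1509d1c5b3f9fac3104934",
    "d5efd66f54dce6b51870e40a458fa30de366a2982ab2f83dddff5cb3349f654d",
    "e92d1c2c1e145c1d6c42dd402e75f46e5edfb2bab5539c4d103d345b5ac965a3",
    "c78bc4fb8955940b3ac9b52cb16744a61f8bdaf673fd64fc106465241c56cc6c",
    "7377efde4e4e86650ab8495f57ab4a76d4f8efe31e2962305b8c42a6cee70454",
    "b6ec96043dba7722cac4ed24b6979fc71a758bdf18ca44353c19194c172bf621",
    "857fc7aafbbf0d4c850c1b1585a72420600bdabe269f343c0c817614aa6c94cd",
    "5727c2cd54b8408ca0f8e943cad61027a2c3d51da64f2f1224a6b9acc4820f8e",
    "32ba1f3b96cf77a08c041d4983d6afa7db8e1948d27d6a8dd55b7bb95e493189",
    "18aa1b79bbeee6a731b897377233d54b1b2464eeb9a25dafc0debfc43af8c04f",
    "070a94ee0cd9ac1b1ed467353f5731e09cab136315447c04f53bc52d4fe3f8cc",
})

_SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


def malformed_indicators(indicators):
    """Return every entry that is not a lowercase 64-character hex digest.

    Hash lists pasted from a report often carry stray whitespace, uppercase
    hex or truncated values; those would silently never match, so reject them
    up front instead of sweeping with a broken list.
    """
    return {i for i in indicators if not _SHA256_HEX.match(i)}


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, indicators=SMOKELOADER_SHA256):
    """Walk `root`; return {path: digest} for files whose SHA-256 is in `indicators`."""
    bad = malformed_indicators(indicators)
    if bad:
        raise ValueError(f"malformed indicators: {sorted(bad)}")
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                # Unreadable or vanished file: skip it, do not abort the whole sweep.
                continue
            if digest in indicators:
                hits[path] = digest
    return hits


def demo():
    """Constructed demo: plant a file with a known digest and confirm the sweep flags it.

    The files written here are harmless placeholders, not SmokeLoader samples,
    so the real indicators will not match them; the planted file's own digest
    is added to the indicator set purely to exercise the matching path.
    """
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "notes.txt").write_bytes(b"benign placeholder\n")
        planted = Path(tmp) / "sub" / "dropper.bin"
        planted.parent.mkdir()
        planted.write_bytes(b"constructed placeholder, not real malware\n")
        indicators = SMOKELOADER_SHA256 | {sha256_file(planted)}
        hits = sweep(tmp, indicators)
        return {os.path.basename(p): d for p, d in hits.items()}


if __name__ == "__main__":
    for name, digest in demo().items():
        print(f"HIT {digest}  {name}")
```

Run it as `python sweep.py` to see the demo hit; in practice call `sweep("/path/to/triage")` with the default indicator set. Note that a file-hash match is only useful against the exact builds the report analyzed; any repacked or recompiled SmokeLoader build will have a different digest, which is why the listed hashes belong alongside behavioural detections for the techniques in the Attack Patterns section rather than in place of them.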

Attack Patterns

SmokeLoader (the malware object itself; the entries below are MITRE ATT&CK technique IDs)

T1107 File Deletion (deprecated ID; now tracked as T1070.004, Indicator Removal: File Deletion)

T1574 Hijack Execution Flow

T1564 Hide Artifacts

T1106 Native API

T1105 Ingress Tool Transfer

T1083 File and Directory Discovery

T1569 System Services

T1204 User Execution

T1140 Deobfuscate/Decode Files or Information

T1027 Obfuscated Files or Information

T1562 Impair Defenses