SmokeLoader Evolution Through The Years

July 3, 2024, 12:23 p.m.

Description

This report provides an in-depth analysis of the evolution of SmokeLoader, a prominent malware downloader that has been active since 2011. It examines the significant changes and improvements introduced in SmokeLoader versions from 2015 to 2022, including updates to its communication protocol, encryption algorithms, anti-analysis techniques, and overall sophistication. The report delves into the malware's ability to evade detection, highlighting its adoption of advanced obfuscation methods, such as code permutations, opaque predicates, and stack-based obfuscation. It also discusses SmokeLoader's improved capability to detect and avoid security products, as well as its implementation of various injection techniques to execute its malicious payload.

Date

  • Created: July 3, 2024, 11:54 a.m.
  • Published: July 3, 2024, 11:54 a.m.
  • Modified: July 3, 2024, 12:23 p.m.

Indicators


Attack Patterns