SmokeLoader Evolution Through The Years
Essential information
- Published
- 03/07/2024 11:54
- Modified
- 03/07/2024 12:23
- Tags
- 2024-07-03 downloader smokeloader
- Related entities
- 11 observables, 11 techniques (mitre), 1 malware
Description
This report provides an in-depth analysis of the evolution of SmokeLoader, a prominent malware downloader that has been active since 2011. It examines the significant changes and improvements introduced in SmokeLoader versions from 2015 to 2022, including updates to its communication protocol, encryption algorithms, anti-analysis techniques, and overall sophistication. The report delves into the malware's ability to evade detection, highlighting its adoption of advanced obfuscation methods, such as code permutations, opaque predicates, and stack-based obfuscation. It also discusses SmokeLoader's improved capability to detect and avoid security products, as well as its implementation of various injection techniques to execute its malicious payload.