smokeloader

General

Target

0f7fea936ac9aaf62528ed30373c838d_JaffaCakes118
Size

290KB
Sample

240328-zf6m4sgg66
MD5

0f7fea936ac9aaf62528ed30373c838d
SHA1

262413c6eee91c797806be1a22394036bf84b633
SHA256

ee6cb977e78651d7b9a3fd412a40f6e2cd1501f05b04c49e744db35c83181132
SHA512

a56c15fc8e293d00dff30918e3adcee5d66ef2182a5ed1cd9f176dd6fa37a9c7e401cd2490aac4f2cfda35b17099f1ade03efb0276b984cf6b359bf24b41baec
SSDEEP

3072:mu0XiLyS0KcBa2lQ7y4zp+VaYzOeS9OuiNwWHFwIQnvIByI/JTEqWpGxfZz5LjI7:72aG4y4zakOLn9ByI/JoNpGjRI0LPj

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://honawey7.top/

http://wijibui0.top/

http://hefahei6.top/

http://pipevai4.top/

http://nalirou7.top/

rc4.i32

Targets

- Target
  
  0f7fea936ac9aaf62528ed30373c838d_JaffaCakes118
- Size
  
  290KB
- MD5
  
  0f7fea936ac9aaf62528ed30373c838d
- SHA1
  
  262413c6eee91c797806be1a22394036bf84b633
- SHA256
  
  ee6cb977e78651d7b9a3fd412a40f6e2cd1501f05b04c49e744db35c83181132
- SHA512
  
  a56c15fc8e293d00dff30918e3adcee5d66ef2182a5ed1cd9f176dd6fa37a9c7e401cd2490aac4f2cfda35b17099f1ade03efb0276b984cf6b359bf24b41baec
- SSDEEP
  
  3072:mu0XiLyS0KcBa2lQ7y4zp+VaYzOeS9OuiNwWHFwIQnvIByI/JTEqWpGxfZz5LjI7:72aG4y4zakOLn9ByI/JoNpGjRI0LPj
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2