smokeloader

General

Target

1f16146429aa89bee5dd6984402d0d05_JaffaCakes118
Size

338KB
Sample

240329-l19zdaed6w
MD5

1f16146429aa89bee5dd6984402d0d05
SHA1

c89dafee3c49f1ab7addc3e90b22d86f1de092c9
SHA256

a5b54c044e643b5d968e2dd747b4e24e784be563d712bec870b9baebf9c5829d
SHA512

30dde93f4c787f5fa95303c7a182c6ede9b5b0dcd8954a5250a56864c97404de3094dfac953c577148881aad7fa770283ee6efa95903f734ed463412c0ca873e
SSDEEP

6144:a9/sIV9kZ5ccF7unhwe9atPnEZ0YKkKQAlZejt7d:YjbS5jByhw+atPG0YFKQQu3

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://fazanaharahe10.top/

http://xandelissane20.top/

http://ustiassosale30.top/

http://cytheriata40.top/

http://ggiergionard50.top/

rc4.i32

Targets

- Target
  
  1f16146429aa89bee5dd6984402d0d05_JaffaCakes118
- Size
  
  338KB
- MD5
  
  1f16146429aa89bee5dd6984402d0d05
- SHA1
  
  c89dafee3c49f1ab7addc3e90b22d86f1de092c9
- SHA256
  
  a5b54c044e643b5d968e2dd747b4e24e784be563d712bec870b9baebf9c5829d
- SHA512
  
  30dde93f4c787f5fa95303c7a182c6ede9b5b0dcd8954a5250a56864c97404de3094dfac953c577148881aad7fa770283ee6efa95903f734ed463412c0ca873e
- SSDEEP
  
  6144:a9/sIV9kZ5ccF7unhwe9atPnEZ0YKkKQAlZejt7d:YjbS5jByhw+atPG0YFKQQu3
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2