smokeloader | be032b655d9a935fbca887adfc5e478085b7d64c96720c57da870c2d463ed881 | Triage

Sharing

General

Target

4554b2e507e6c89c9a7d51097f2f155f_JaffaCakes118
Size

332KB
Sample

240330-1wt5pafe7v
MD5

4554b2e507e6c89c9a7d51097f2f155f
SHA1

3266d2f320b9fa50051570da99e7ed62046e2203
SHA256

be032b655d9a935fbca887adfc5e478085b7d64c96720c57da870c2d463ed881
SHA512

79c4d1e8df906405e729dc42fa0205d5d792d23e4227e558a5f5ceec2f2d23875c5edf635ffc592a49ef5f4547c866adb262ee9197a0e10c9fc08343264d0fb7
SSDEEP

3072:NC7BSM9qPJ5nlqHBJR4RAHjxT0uRdDh/SQgnSpI/7C4YmIBPoeWUNSJ/Hf9ArjxE:NHUR/DiuFZudzCvvPSJ/HfmoIZ0AMz

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://gejajoo7.top/

http://sysaheu9.top/

rc4.i32

rc4.i32

Targets

- Target
  
  4554b2e507e6c89c9a7d51097f2f155f_JaffaCakes118
- Size
  
  332KB
- MD5
  
  4554b2e507e6c89c9a7d51097f2f155f
- SHA1
  
  3266d2f320b9fa50051570da99e7ed62046e2203
- SHA256
  
  be032b655d9a935fbca887adfc5e478085b7d64c96720c57da870c2d463ed881
- SHA512
  
  79c4d1e8df906405e729dc42fa0205d5d792d23e4227e558a5f5ceec2f2d23875c5edf635ffc592a49ef5f4547c866adb262ee9197a0e10c9fc08343264d0fb7
- SSDEEP
  
  3072:NC7BSM9qPJ5nlqHBJR4RAHjxT0uRdDh/SQgnSpI/7C4YmIBPoeWUNSJ/Hf9ArjxE:NHUR/DiuFZudzCvvPSJ/HfmoIZ0AMz
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan