smokeloader

General

Target

33eeddd38b08c28a5466eb357ab2401d_JaffaCakes118
Size

344KB
Sample

240330-fc1sxaha8w
MD5

33eeddd38b08c28a5466eb357ab2401d
SHA1

44a043cae0c9a07cf27d6cdf22f6a2e3ae9465d4
SHA256

d395decedde3ce22737a67d9b4c781e591f4c3cd2755da66dca9d0b2885fae68
SHA512

905808213b81d10ea98934987c42d7c7d44374cd580ef9e4a298f57c5bebb932c8037113082afb289f699a546ccd8e0bac2b6310581ee0bc7246d010e8539415
SSDEEP

6144:t+XWS1QsItYALGhaf/v7dz1jKTznx7+I+hy0lGd4ZX/:tMWS1QswLGcf/vRJjKnnx7mhLGWd

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://honawey7.top/

http://wijibui0.top/

http://hefahei6.top/

http://pipevai4.top/

http://nalirou7.top/

rc4.i32

Targets

- Target
  
  33eeddd38b08c28a5466eb357ab2401d_JaffaCakes118
- Size
  
  344KB
- MD5
  
  33eeddd38b08c28a5466eb357ab2401d
- SHA1
  
  44a043cae0c9a07cf27d6cdf22f6a2e3ae9465d4
- SHA256
  
  d395decedde3ce22737a67d9b4c781e591f4c3cd2755da66dca9d0b2885fae68
- SHA512
  
  905808213b81d10ea98934987c42d7c7d44374cd580ef9e4a298f57c5bebb932c8037113082afb289f699a546ccd8e0bac2b6310581ee0bc7246d010e8539415
- SSDEEP
  
  6144:t+XWS1QsItYALGhaf/v7dz1jKTznx7+I+hy0lGd4ZX/:tMWS1QswLGcf/vRJjKnnx7mhLGWd
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2