smokeloader

General

Target

3932277e7b8af21af26bd1dfc2c80346_JaffaCakes118
Size

260KB
Sample

240330-ljh5bsce8y
MD5

3932277e7b8af21af26bd1dfc2c80346
SHA1

ebea9588899bf005ddbb8b40a54507a02d441b58
SHA256

798b6b6cc1b0a22e7a6f41af342b6430a5b291b918dbb0c1d0f596652da522a7
SHA512

efa7f9d3a1de786d797fe497fb733b08c07d370cf2ef6b795aa438de1c9393ea485501348abb56afb357b1e7d3293090fd5c0eb76079119314eb873bb609b234
SSDEEP

6144:UASRHmZDRiKYOMwY9DqP+T0qX7tNfVXVHQLIiu8cfo0/pW:9SRH4DRPHPwZGEX8cA0/M

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://honawey7.top/

http://wijibui0.top/

http://hefahei6.top/

http://pipevai4.top/

http://nalirou7.top/

rc4.i32

Targets

- Target
  
  3932277e7b8af21af26bd1dfc2c80346_JaffaCakes118
- Size
  
  260KB
- MD5
  
  3932277e7b8af21af26bd1dfc2c80346
- SHA1
  
  ebea9588899bf005ddbb8b40a54507a02d441b58
- SHA256
  
  798b6b6cc1b0a22e7a6f41af342b6430a5b291b918dbb0c1d0f596652da522a7
- SHA512
  
  efa7f9d3a1de786d797fe497fb733b08c07d370cf2ef6b795aa438de1c9393ea485501348abb56afb357b1e7d3293090fd5c0eb76079119314eb873bb609b234
- SSDEEP
  
  6144:UASRHmZDRiKYOMwY9DqP+T0qX7tNfVXVHQLIiu8cfo0/pW:9SRH4DRPHPwZGEX8cA0/M
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2