smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

3b7218778be3d7dfd698dc30ca190f45_JaffaCakes118
Size

117KB
Sample

240330-n7l71afb52
MD5

3b7218778be3d7dfd698dc30ca190f45
SHA1

32c2555d65bde88d6e0e042a4f94bf4879773f95
SHA256

839a1e099b0339024bf77ccdf6fc4e8ff9655991dc1145ebdfc3b7113ecd5f7a
SHA512

ed69c950d3b64db94d66db3a6cafdbbe80882f0f1649003246f554b96ed2ef6ac5882ec9731b56035935e1c038b47ee9121689ab999e9517a0d7df7ca4beda8e
SSDEEP

1536:xk8rwHurm5yRVWH35FH0pum0peeMpAe3LNXWCnljKREIug6Nr+JoibcN:yQkcWH3XH04pet22Lggx/g6NCJoibcN

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

http://fiskahlilian16.top/

http://paishancho17.top/

http://ydiannetter18.top/

http://azarehanelle19.top/

http://quericeriant20.top/

rc4.i32

Targets

- Target
  
  3b7218778be3d7dfd698dc30ca190f45_JaffaCakes118
- Size
  
  117KB
- MD5
  
  3b7218778be3d7dfd698dc30ca190f45
- SHA1
  
  32c2555d65bde88d6e0e042a4f94bf4879773f95
- SHA256
  
  839a1e099b0339024bf77ccdf6fc4e8ff9655991dc1145ebdfc3b7113ecd5f7a
- SHA512
  
  ed69c950d3b64db94d66db3a6cafdbbe80882f0f1649003246f554b96ed2ef6ac5882ec9731b56035935e1c038b47ee9121689ab999e9517a0d7df7ca4beda8e
- SSDEEP
  
  1536:xk8rwHurm5yRVWH35FH0pum0peeMpAe3LNXWCnljKREIug6Nr+JoibcN:yQkcWH3XH04pet22Lggx/g6NCJoibcN
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2