smokeloader

General

Target

4ab7a04988607dba1a0c17a0252c892f_JaffaCakes118
Size

338KB
Sample

240331-cw8fbacb3s
MD5

4ab7a04988607dba1a0c17a0252c892f
SHA1

31979b5a157974f8a91707faf308b7b689e16195
SHA256

41039a74a58477c8ff83e4a77897ba07676bbe7923eefb4a7fce2b1be9855228
SHA512

31573e992f8a58df8f55d073f777755b3bf8de97b2758b5b70f9b6a17f77e7e1be834205a5d217f7177ffad7dcffc258ebb3779498e3cc7fbce49cb007432ba2
SSDEEP

6144:0v7HiP7i9sknaHhUXiSaIP2hjE6kkWiJkuO1:t74skaBUXFaIP2E6HWiOz1

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2020

C2

http://gmpeople.com/upload/

http://mile48.com/upload/

http://lecanardstsornin.com/upload/

http://m3600.com/upload/

http://camasirx.com/upload/

rc4.i32

Targets

- Target
  
  4ab7a04988607dba1a0c17a0252c892f_JaffaCakes118
- Size
  
  338KB
- MD5
  
  4ab7a04988607dba1a0c17a0252c892f
- SHA1
  
  31979b5a157974f8a91707faf308b7b689e16195
- SHA256
  
  41039a74a58477c8ff83e4a77897ba07676bbe7923eefb4a7fce2b1be9855228
- SHA512
  
  31573e992f8a58df8f55d073f777755b3bf8de97b2758b5b70f9b6a17f77e7e1be834205a5d217f7177ffad7dcffc258ebb3779498e3cc7fbce49cb007432ba2
- SSDEEP
  
  6144:0v7HiP7i9sknaHhUXiSaIP2hjE6kkWiJkuO1:t74skaBUXFaIP2E6HWiOz1
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2