smokeloader

General

Target

7486e9fcfb67535395f9de43b31761ac_JaffaCakes118
Size

311KB
Sample

240401-tmpehshb4s
MD5

7486e9fcfb67535395f9de43b31761ac
SHA1

03f3ae531809ce70c78474906ced833ea62ef4f2
SHA256

1cbcf38576be160f81a7a93df62a3402d7965be062e4f1e0d88a81a44cd035a2
SHA512

8481ffbc317e2484a5905ebd6e848d9649483765596cfb64bfbe9ab296119195346916a04c230dc0ce7e8c71d44100142b33ec08129b35f3013c82aa8fc3d728
SSDEEP

6144:FTSnQWAfDhIs/7vwPYb3phQ2SCvizm8R4Rv:ZSAfDhv/7IYph5viz3g

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2020

C2

http://bostoc.com/upload/

http://qianyoupj.cn/upload/

http://sleoppen.com/upload/

http://stempelbeton.at/upload/

rc4.i32

Targets

- Target
  
  7486e9fcfb67535395f9de43b31761ac_JaffaCakes118
- Size
  
  311KB
- MD5
  
  7486e9fcfb67535395f9de43b31761ac
- SHA1
  
  03f3ae531809ce70c78474906ced833ea62ef4f2
- SHA256
  
  1cbcf38576be160f81a7a93df62a3402d7965be062e4f1e0d88a81a44cd035a2
- SHA512
  
  8481ffbc317e2484a5905ebd6e848d9649483765596cfb64bfbe9ab296119195346916a04c230dc0ce7e8c71d44100142b33ec08129b35f3013c82aa8fc3d728
- SSDEEP
  
  6144:FTSnQWAfDhIs/7vwPYb3phQ2SCvizm8R4Rv:ZSAfDhv/7IYph5viz3g
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2