smokeloader

General

Target

8f80a4323cf7b0d9bb90bc833b4ff8be_JaffaCakes118
Size

339KB
Sample

240402-r7j97ade79
MD5

8f80a4323cf7b0d9bb90bc833b4ff8be
SHA1

79c5afdfcf805cfcc9bf67307678e4dc1ea00ff1
SHA256

31e3f9184e29f3979f4d44b4ee84e806fd45e899a61e40b3d1b11dcd6d79a7ad
SHA512

a48bcb5e6e62d48e24d067dceccb0739cbc384b8856b032dac5396df70f2c81b93c2c4cce5c0d9b3774c88dffc16d41ffdde2b62e4e38a91e84108769ec9d40a
SSDEEP

3072:BrLcIvLytiVp3iEWr7ZVIBN42AmbYxhIfsex8taNLP2FFEpKvGiukaq8zFrdN4Dy:tNy9Xw7nMC0eOaBPiCpTiukaHz1kpr

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2020

C2

http://gmpeople.com/upload/

http://mile48.com/upload/

http://lecanardstsornin.com/upload/

http://m3600.com/upload/

http://camasirx.com/upload/

rc4.i32

Targets

- Target
  
  8f80a4323cf7b0d9bb90bc833b4ff8be_JaffaCakes118
- Size
  
  339KB
- MD5
  
  8f80a4323cf7b0d9bb90bc833b4ff8be
- SHA1
  
  79c5afdfcf805cfcc9bf67307678e4dc1ea00ff1
- SHA256
  
  31e3f9184e29f3979f4d44b4ee84e806fd45e899a61e40b3d1b11dcd6d79a7ad
- SHA512
  
  a48bcb5e6e62d48e24d067dceccb0739cbc384b8856b032dac5396df70f2c81b93c2c4cce5c0d9b3774c88dffc16d41ffdde2b62e4e38a91e84108769ec9d40a
- SSDEEP
  
  3072:BrLcIvLytiVp3iEWr7ZVIBN42AmbYxhIfsex8taNLP2FFEpKvGiukaq8zFrdN4Dy:tNy9Xw7nMC0eOaBPiCpTiukaHz1kpr
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2