smokeloader

General

Target

dc7318eed018b03aed0a3915c2e22077_JaffaCakes118
Size

220KB
Sample

240406-f7t9lsce42
MD5

dc7318eed018b03aed0a3915c2e22077
SHA1

1d7bff4c07e31ddbbebb45361ecca573f0793518
SHA256

df231158afb377a5f5a2d0ecfb130d26cc0123762bcef1c7c3ba8b36f2dba0ba
SHA512

91f38224ac018ba60d7da08face2dc3d04c082fe49f48b3ecfc012ae7f62b64daf627c52d643fad687b0412c53d66d0eb586a5ebbe8290055232f2c290203a38
SSDEEP

3072:D+FolnBVoIZ4Jum7fXs1hq7nPboS9D98aShyuy6inoeLraOJpQ3E:EolnBVdeJusfXOaTVx98aC3bOUE

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://bostoc.com/upload/

http://qianyoupj.cn/upload/

http://sleoppen.com/upload/

http://stempelbeton.at/upload/

rc4.i32

Targets

- Target
  
  dc7318eed018b03aed0a3915c2e22077_JaffaCakes118
- Size
  
  220KB
- MD5
  
  dc7318eed018b03aed0a3915c2e22077
- SHA1
  
  1d7bff4c07e31ddbbebb45361ecca573f0793518
- SHA256
  
  df231158afb377a5f5a2d0ecfb130d26cc0123762bcef1c7c3ba8b36f2dba0ba
- SHA512
  
  91f38224ac018ba60d7da08face2dc3d04c082fe49f48b3ecfc012ae7f62b64daf627c52d643fad687b0412c53d66d0eb586a5ebbe8290055232f2c290203a38
- SSDEEP
  
  3072:D+FolnBVoIZ4Jum7fXs1hq7nPboS9D98aShyuy6inoeLraOJpQ3E:EolnBVdeJusfXOaTVx98aC3bOUE
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2