smokeloader

General

Target

f047c60419c981ab0a4c4e3f8d8a2055_JaffaCakes118
Size

195KB
Sample

240415-esyg2sgg6w
MD5

f047c60419c981ab0a4c4e3f8d8a2055
SHA1

644d13dbd4477dec7be80c18471fc9b8e7e57f2a
SHA256

53629d95006face9c2826f50faece7610e82b45bd192d7f057b7e4b4d1b5a438
SHA512

1a8263a05e19002dd74b0dd3450b82ba9a80233b25929587041acefe605557caa1ed9c1099aef5e56a09ad7fce81923ace1e3b47ccd3f9f2aa40738604f3a779
SSDEEP

3072:N3dm/sfjQdm+oz7r4Sb4KhLPgZQ15D6CugKq4ArywoOLi6:fmcjQdEzHHb4KhL4E6Dgn4RwoOL

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

Targets

- Target
  
  f047c60419c981ab0a4c4e3f8d8a2055_JaffaCakes118
- Size
  
  195KB
- MD5
  
  f047c60419c981ab0a4c4e3f8d8a2055
- SHA1
  
  644d13dbd4477dec7be80c18471fc9b8e7e57f2a
- SHA256
  
  53629d95006face9c2826f50faece7610e82b45bd192d7f057b7e4b4d1b5a438
- SHA512
  
  1a8263a05e19002dd74b0dd3450b82ba9a80233b25929587041acefe605557caa1ed9c1099aef5e56a09ad7fce81923ace1e3b47ccd3f9f2aa40738604f3a779
- SSDEEP
  
  3072:N3dm/sfjQdm+oz7r4Sb4KhLPgZQ15D6CugKq4ArywoOLi6:fmcjQdEzHHb4KhL4E6Dgn4RwoOL
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2