smokeloader

General

Target

f872edf5b2fa3074c67ef185ae96c8c7_JaffaCakes118
Size

328KB
Sample

240418-v4qjksbf6x
MD5

f872edf5b2fa3074c67ef185ae96c8c7
SHA1

8a58f1b36716f83f399295509e8cbe9e3fd1e71e
SHA256

31139bb6f0d73a9fda8e2ebe1823fbb8a894df0f2265f56702b6ea777bffbd92
SHA512

2398f8f324364269d962f3bf9336ec1800736ab6050d1a582d916ec6008daa252882ac242a424ec8d1434b9176d118c0c65282830ee983f4468e7441e38ef38e
SSDEEP

6144:97m9u1ZJQ5JKSNzcynCku+UPzwbk6jjH2XrNrnfGcFNjLxk:82ZJ63NzLnu+U7wP3H27pfGc5

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

Targets

- Target
  
  f872edf5b2fa3074c67ef185ae96c8c7_JaffaCakes118
- Size
  
  328KB
- MD5
  
  f872edf5b2fa3074c67ef185ae96c8c7
- SHA1
  
  8a58f1b36716f83f399295509e8cbe9e3fd1e71e
- SHA256
  
  31139bb6f0d73a9fda8e2ebe1823fbb8a894df0f2265f56702b6ea777bffbd92
- SHA512
  
  2398f8f324364269d962f3bf9336ec1800736ab6050d1a582d916ec6008daa252882ac242a424ec8d1434b9176d118c0c65282830ee983f4468e7441e38ef38e
- SSDEEP
  
  6144:97m9u1ZJQ5JKSNzcynCku+UPzwbk6jjH2XrNrnfGcFNjLxk:82ZJ63NzLnu+U7wP3H27pfGc5
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2