smokeloader | cb6156630fbb292a348014fb63af9f9be12d97b4c6b3c027a7d3801d47c6dbfb | Triage

Sharing

General

Target

0b6e972e6d5d8bd62cbef9d2b5bfe4ea_JaffaCakes118
Size

116KB
Sample

240501-27e1ksca65
MD5

0b6e972e6d5d8bd62cbef9d2b5bfe4ea
SHA1

895f675fa4dc040777ebe042210ba5920dbd2cc8
SHA256

cb6156630fbb292a348014fb63af9f9be12d97b4c6b3c027a7d3801d47c6dbfb
SHA512

eb736289c1ccb2054400c13c341ba7087c0588f2d1e79f9ebbff54d01ec3d42116dcb91084cd5480f222294afaff67afaf60fbd4653e203e72a400ac1e11c9ce
SSDEEP

1536:LBNNJ5kdqULXP6f4ccRiFHLxnPZyzP4Gt5BQItBWEYfvPyX96ifyMzlRsLN0s:r75qLZidazP4Gt5aItBpCv6oVMx9

Score

10^/10

smokeloader backdoor trojan

Malware Config

Extracted

Family

smokeloader

Version

2019

C2

http://seogeostatseo.xyz/

rc4.i32

rc4.i32

Targets

- Target
  
  0b6e972e6d5d8bd62cbef9d2b5bfe4ea_JaffaCakes118
- Size
  
  116KB
- MD5
  
  0b6e972e6d5d8bd62cbef9d2b5bfe4ea
- SHA1
  
  895f675fa4dc040777ebe042210ba5920dbd2cc8
- SHA256
  
  cb6156630fbb292a348014fb63af9f9be12d97b4c6b3c027a7d3801d47c6dbfb
- SHA512
  
  eb736289c1ccb2054400c13c341ba7087c0588f2d1e79f9ebbff54d01ec3d42116dcb91084cd5480f222294afaff67afaf60fbd4653e203e72a400ac1e11c9ce
- SSDEEP
  
  1536:LBNNJ5kdqULXP6f4ccRiFHLxnPZyzP4Gt5BQItBWEYfvPyX96ifyMzlRsLN0s:r75qLZidazP4Gt5aItBpCv6oVMx9
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan