smokeloader | c6306e44d7fa39d1e8beb2acfde2a5567a0c8b8b0ef0ef14f921a82b0e5f8807 | Triage

Sharing

General

Target

65e183f999650701e30901b8cf864801_JaffaCakes118
Size

1.1MB
Sample

240522-d76arsba5z
MD5

65e183f999650701e30901b8cf864801
SHA1

cbc51318f370c99f256fc993d8082f4919fe8898
SHA256

c6306e44d7fa39d1e8beb2acfde2a5567a0c8b8b0ef0ef14f921a82b0e5f8807
SHA512

e7aac004ee373d12311a252eab57a96644310e6a196712b08dda3584046c1f3880ab7fe28dfd3e5234e6cd02f243b39b1e6723cd7ca43204dffdb02c16ab08b0
SSDEEP

24576:nAHnh+eWsN3skA4RV1Hom2KXMmHauDq+xM0NtFKvyhErE5Wy:ah+ZkldoPK8Yauu+tNtFKQEeX

Score

10^/10

smokeloader 119 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

119

Targets

- Target
  
  65e183f999650701e30901b8cf864801_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  65e183f999650701e30901b8cf864801
- SHA1
  
  cbc51318f370c99f256fc993d8082f4919fe8898
- SHA256
  
  c6306e44d7fa39d1e8beb2acfde2a5567a0c8b8b0ef0ef14f921a82b0e5f8807
- SHA512
  
  e7aac004ee373d12311a252eab57a96644310e6a196712b08dda3584046c1f3880ab7fe28dfd3e5234e6cd02f243b39b1e6723cd7ca43204dffdb02c16ab08b0
- SSDEEP
  
  24576:nAHnh+eWsN3skA4RV1Hom2KXMmHauDq+xM0NtFKvyhErE5Wy:ah+ZkldoPK8Yauu+tNtFKQEeX
Score

10^/10

smokeloader 119 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

smokeloader119backdoortrojan