smokeloader

General

Target

669769643471a56a4176d7571379ae0a_JaffaCakes118
Size

256KB
Sample

240522-j2wf9shb48
MD5

669769643471a56a4176d7571379ae0a
SHA1

f8d931172466a1d992b387f638c2f4418633e411
SHA256

4cc990111c2332e4083f9c240b0b53f0ae383fb7cb925ebafe210448cb5b8f1e
SHA512

813fcacf9a3af21103f7fbafc3f3de8e9259b4a1444d48596a3236df94d7b617d7c0db445e7cca5d6a5e68a9319a40491b908aac2e487081f15eb51e34880380
SSDEEP

3072:4+Uf6DJnW/XOOoy0MJwQvyEB2TN1OaXkc9hIKFAxW1+rSGMbispXY05:4/XO1BMJlvjB2T+c0KOQ1+rSBblY05

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pab3

Extracted

Family

smokeloader

Version

2019

C2

http://10022020newfolder1002002131-service1002.space/

http://10022020newfolder1002002231-service1002.space/

http://10022020newfolder3100231-service1002.space/

http://10022020newfolder1002002431-service1002.space/

http://10022020newfolder1002002531-service1002.space/

http://10022020newfolder33417-01242510022020.space/

http://10022020test125831-service1002012510022020.space/

http://10022020test136831-service1002012510022020.space/

http://10022020test147831-service1002012510022020.space/

http://10022020test146831-service1002012510022020.space/

http://10022020test134831-service1002012510022020.space/

http://10022020est213531-service100201242510022020.ru/

http://10022020yes1t3481-service1002012510022020.ru/

http://10022020test13561-service1002012510022020.su/

http://10022020test14781-service1002012510022020.info/

http://10022020test13461-service1002012510022020.net/

http://10022020test15671-service1002012510022020.tech/

http://10022020test12671-service1002012510022020.online/

http://10022020utest1341-service1002012510022020.ru/

http://10022020uest71-service100201dom2510022020.ru/

rc4.i32

Targets

- Target
  
  669769643471a56a4176d7571379ae0a_JaffaCakes118
- Size
  
  256KB
- MD5
  
  669769643471a56a4176d7571379ae0a
- SHA1
  
  f8d931172466a1d992b387f638c2f4418633e411
- SHA256
  
  4cc990111c2332e4083f9c240b0b53f0ae383fb7cb925ebafe210448cb5b8f1e
- SHA512
  
  813fcacf9a3af21103f7fbafc3f3de8e9259b4a1444d48596a3236df94d7b617d7c0db445e7cca5d6a5e68a9319a40491b908aac2e487081f15eb51e34880380
- SSDEEP
  
  3072:4+Uf6DJnW/XOOoy0MJwQvyEB2TN1OaXkc9hIKFAxW1+rSGMbispXY05:4/XO1BMJlvjB2T+c0KOQ1+rSBblY05
Score

10^/10

smokeloader pab3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2