smokeloader | 3b3c84f6ba906770c3b5d55bd41f4bf98c7d0924b61d7d6dc2d1b4db6f4322d9 | Triage

Sharing

General

Target

6aff96cef901aff32b0467145869627e_JaffaCakes118
Size

109KB
Sample

240523-p3kn2sbb49
MD5

6aff96cef901aff32b0467145869627e
SHA1

04163649983c3626e84ac4d4b56f1cae740d5ad8
SHA256

3b3c84f6ba906770c3b5d55bd41f4bf98c7d0924b61d7d6dc2d1b4db6f4322d9
SHA512

abe77d4513d60643ff19b4291a10df10e4c73531ded9725581c460e0d329956545156face8a82bafdb9f002ddea3150e61ad441e7d5f955daee37390325567fd
SSDEEP

1536:zcXYDU/r6NR3ymx3QHE/DKV8b6kRd8ZPCsoXvBG6AXFUllbtWRU:gXYDU7mpT/OVsRdKP9ivBA0BWRU

Score

10^/10

smokeloader pub2 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  6aff96cef901aff32b0467145869627e_JaffaCakes118
- Size
  
  109KB
- MD5
  
  6aff96cef901aff32b0467145869627e
- SHA1
  
  04163649983c3626e84ac4d4b56f1cae740d5ad8
- SHA256
  
  3b3c84f6ba906770c3b5d55bd41f4bf98c7d0924b61d7d6dc2d1b4db6f4322d9
- SHA512
  
  abe77d4513d60643ff19b4291a10df10e4c73531ded9725581c460e0d329956545156face8a82bafdb9f002ddea3150e61ad441e7d5f955daee37390325567fd
- SSDEEP
  
  1536:zcXYDU/r6NR3ymx3QHE/DKV8b6kRd8ZPCsoXvBG6AXFUllbtWRU:gXYDU7mpT/OVsRdKP9ivBA0BWRU
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderpub2backdoortrojan

behavioral2

smokeloaderpub2backdoortrojan