smokeloader | 483ab7cdc131092363c2c402b326a78c7d212fba00a7c01e0ea5fc99bb76820f | Triage

Sharing

General

Target

763e4269e61dd06332df1d88a5a5206a_JaffaCakes118
Size

388KB
Sample

240526-v17npaea5s
MD5

763e4269e61dd06332df1d88a5a5206a
SHA1

4ff9cd2fb6c9951176f2546f8ae00ee19bf46668
SHA256

483ab7cdc131092363c2c402b326a78c7d212fba00a7c01e0ea5fc99bb76820f
SHA512

21abaaf33764a5fab563bb03af87e53f4885234e5c7a21b1ad05cddccfa77175e5d87dadc005f2d136aaf47d93da70b2133d09e3b4ff5b484c9a9a61dc4c84a4
SSDEEP

6144:Y5PM8zUqTKOChv0+Be1vTUroDRZf+pffufxWLwn:+9YqOOC10pvTEiR8m6wn

Score

10^/10

smokeloader backdoor trojan

Malware Config

Targets

- Target
  
  763e4269e61dd06332df1d88a5a5206a_JaffaCakes118
- Size
  
  388KB
- MD5
  
  763e4269e61dd06332df1d88a5a5206a
- SHA1
  
  4ff9cd2fb6c9951176f2546f8ae00ee19bf46668
- SHA256
  
  483ab7cdc131092363c2c402b326a78c7d212fba00a7c01e0ea5fc99bb76820f
- SHA512
  
  21abaaf33764a5fab563bb03af87e53f4885234e5c7a21b1ad05cddccfa77175e5d87dadc005f2d136aaf47d93da70b2133d09e3b4ff5b484c9a9a61dc4c84a4
- SSDEEP
  
  6144:Y5PM8zUqTKOChv0+Be1vTUroDRZf+pffufxWLwn:+9YqOOC10pvTEiR8m6wn
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderbackdoortrojan