smokeloader | 0421c7adba334dcf2f0a8da5ab3e30892a48641fff60d91464270d19392509aa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29ad5d420fd5a462846b766ccdc20b86_JaffaCakes118
Size

204KB
Sample

240707-c2gvjstemf
MD5

29ad5d420fd5a462846b766ccdc20b86
SHA1

6ceebfc7578540c5d86ced556faebc7b7f94f990
SHA256

0421c7adba334dcf2f0a8da5ab3e30892a48641fff60d91464270d19392509aa
SHA512

716de8980ed14bb9b50157552400077c8fc82baaec76673c864a9977c6c4819f0f97027d5b820581d83cfa02fcea75c574a8f85b6fefac863b49ebe1a8bb2631
SSDEEP

6144:n4eldaD8pHLQxn3Ee0Dxv0wSWbCbQXc5H:n4ejaD8ZtTF09WbCbqK

Score

10^/10

smokeloader ku11 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  29ad5d420fd5a462846b766ccdc20b86_JaffaCakes118
- Size
  
  204KB
- MD5
  
  29ad5d420fd5a462846b766ccdc20b86
- SHA1
  
  6ceebfc7578540c5d86ced556faebc7b7f94f990
- SHA256
  
  0421c7adba334dcf2f0a8da5ab3e30892a48641fff60d91464270d19392509aa
- SHA512
  
  716de8980ed14bb9b50157552400077c8fc82baaec76673c864a9977c6c4819f0f97027d5b820581d83cfa02fcea75c574a8f85b6fefac863b49ebe1a8bb2631
- SSDEEP
  
  6144:n4eldaD8pHLQxn3Ee0Dxv0wSWbCbQXc5H:n4ejaD8ZtTF09WbCbqK
Score

10^/10

smokeloader ku11 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoortrojan

behavioral2

smokeloaderku11backdoortrojan