General

  • Target: 3ad3e8a1aa397b7eb8fed3fdde999850_JaffaCakes118
  • Size: 146KB
  • Sample: 240711-1mqe5svhlm
  • MD5: 3ad3e8a1aa397b7eb8fed3fdde999850
  • SHA1: 9d96bb6b8ee7458c81d221bd4cd85b150e0e169f
  • SHA256: ee0dc01189fa36888974da35bf48bd7b47a9731465a263df4fdd5293c0cfad33
  • SHA512: 2e34a7b803b1949c4ca48576fde361ce16a3e65d4aa4f1085a25eabc2948a4ec94600da546ac923d5eb6ad97a2b12f1de5be0fafe02ef43aa50992be1c980b93
  • SSDEEP: 3072:1u3sKyHDfLA14JHT0QkvXYDNyDI/3LM3M6Z5Uyl8:asVHbLA12HT9kwDsW3fyl8

Malware Config

Extracted

  • Family: smokeloader
  • Botnet: 1910

Targets

    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
