smokeloader | 95d83b9e181f80d6e7de252e3d3ace37c8c7f7d4bd36b8ae1198ae87c96a368e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66c40b0aa8b0aef71033c579bd0a1292_JaffaCakes118
Size

270KB
Sample

240723-jyg5gawfqr
MD5

66c40b0aa8b0aef71033c579bd0a1292
SHA1

577c70bc3fbda73016c31e086af8c90f4a93dd88
SHA256

95d83b9e181f80d6e7de252e3d3ace37c8c7f7d4bd36b8ae1198ae87c96a368e
SHA512

808b5e7807b415303ab6c3635c67ac3d108f1fa7077f9677546603ea55454a8cd35e85ac963e167ceab73fff715d3c00ccc2c69a6941addacdc0e270729053ff
SSDEEP

6144:0Bi21ldg+0OvvzLh1Ak9O3vOp4/ZxL8Txue/Q9EZLRM6UyXD:0o21zgPOvvzNNO/H/ZYgoVMJyXD

Score

10^/10

smokeloader ku11 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  66c40b0aa8b0aef71033c579bd0a1292_JaffaCakes118
- Size
  
  270KB
- MD5
  
  66c40b0aa8b0aef71033c579bd0a1292
- SHA1
  
  577c70bc3fbda73016c31e086af8c90f4a93dd88
- SHA256
  
  95d83b9e181f80d6e7de252e3d3ace37c8c7f7d4bd36b8ae1198ae87c96a368e
- SHA512
  
  808b5e7807b415303ab6c3635c67ac3d108f1fa7077f9677546603ea55454a8cd35e85ac963e167ceab73fff715d3c00ccc2c69a6941addacdc0e270729053ff
- SSDEEP
  
  6144:0Bi21ldg+0OvvzLh1Ak9O3vOp4/ZxL8Txue/Q9EZLRM6UyXD:0o21zgPOvvzNNO/H/ZYgoVMJyXD
Score

10^/10

smokeloader ku11 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoortrojan

behavioral2

smokeloaderku11backdoortrojan