smokeloader | 5255cd73d0113148df31e8bb334a9b9b544858705b28345e3d63cc6a49eb55e3 | Triage

Sharing

General

Target

759d1421306fce37877500fd31af2b0a_JaffaCakes118
Size

143KB
Sample

240726-zb49gswemf
MD5

759d1421306fce37877500fd31af2b0a
SHA1

0503a087927137c3c1143029c31f80cd0d88cecd
SHA256

5255cd73d0113148df31e8bb334a9b9b544858705b28345e3d63cc6a49eb55e3
SHA512

b38b6bc61fe5fe0060c2870093a17defb708bdb1102085616d77208cee2ebe1abfd7e002c301036b10cbe1f1edbb3011534557b9cc999cfbc44d4af537720e09
SSDEEP

3072:C5rJxmmmf2cxVJ6UWtA6bS6uSXu+1V8BkF+vLR:C5rJxmmmf2cx2ZW6uSdmaF+9

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  759d1421306fce37877500fd31af2b0a_JaffaCakes118
- Size
  
  143KB
- MD5
  
  759d1421306fce37877500fd31af2b0a
- SHA1
  
  0503a087927137c3c1143029c31f80cd0d88cecd
- SHA256
  
  5255cd73d0113148df31e8bb334a9b9b544858705b28345e3d63cc6a49eb55e3
- SHA512
  
  b38b6bc61fe5fe0060c2870093a17defb708bdb1102085616d77208cee2ebe1abfd7e002c301036b10cbe1f1edbb3011534557b9cc999cfbc44d4af537720e09
- SSDEEP
  
  3072:C5rJxmmmf2cxVJ6UWtA6bS6uSXu+1V8BkF+vLR:C5rJxmmmf2cx2ZW6uSdmaF+9
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan