smokeloader | 11163d8bb3c204eea651c154878a307927859341e8d14feeffdbf5a1de4009f4 | Triage

Sharing

General

Target

88f1f7082e68e84aa582131d6fc43764_JaffaCakes118
Size

141KB
Sample

240811-erjmhavbnk
MD5

88f1f7082e68e84aa582131d6fc43764
SHA1

e77e81d50b1993b8dc05b867be4d173eb07726f0
SHA256

11163d8bb3c204eea651c154878a307927859341e8d14feeffdbf5a1de4009f4
SHA512

04df65f06273543ceeaa716be689d18dbd30599cad491f533459a156e1c1a335cbf6d8bc22668d3fd78f028020148783896c9145fb33a1a6859a1ad3b747ead6
SSDEEP

3072:r5r5Ylq/q3jCzdRiOIrlhqdQdYl8ajm6pF+mvU:r5reldzCWOWUdkYuajdF+mvU

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  88f1f7082e68e84aa582131d6fc43764_JaffaCakes118
- Size
  
  141KB
- MD5
  
  88f1f7082e68e84aa582131d6fc43764
- SHA1
  
  e77e81d50b1993b8dc05b867be4d173eb07726f0
- SHA256
  
  11163d8bb3c204eea651c154878a307927859341e8d14feeffdbf5a1de4009f4
- SHA512
  
  04df65f06273543ceeaa716be689d18dbd30599cad491f533459a156e1c1a335cbf6d8bc22668d3fd78f028020148783896c9145fb33a1a6859a1ad3b747ead6
- SSDEEP
  
  3072:r5r5Ylq/q3jCzdRiOIrlhqdQdYl8ajm6pF+mvU:r5reldzCWOWUdkYuajdF+mvU
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan