smokeloader | 333bb146ca119affafd411cf95e4b459c53f3211bb1640c8f1cf6f1c5420123c | Triage

Sharing

General

Target

8ff6e761907ecdd81e664ba452873ede_JaffaCakes118
Size

587KB
Sample

240812-xy85vazekg
MD5

8ff6e761907ecdd81e664ba452873ede
SHA1

8a4ddcb1134a75c1b9dfded368dfe39f8987d261
SHA256

333bb146ca119affafd411cf95e4b459c53f3211bb1640c8f1cf6f1c5420123c
SHA512

dcf13f1da7ec1dbedddefdb45ef0af5ad29f0d9ad555ab71494224fb564a039e7b8e61cbd7f4e11bf0090c63e50e1e69066e546551796eb83c1cd1a81aabe162
SSDEEP

6144:txurXsrb0Y78v3RYQ2Ve0oY7ooLDlQfWGa5bnrwmy5VcbqAE7fQW0c4zFfJXnIZZ:txuIn0Y78vBx2VvCf+rwR/Nycaivp1

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  8ff6e761907ecdd81e664ba452873ede_JaffaCakes118
- Size
  
  587KB
- MD5
  
  8ff6e761907ecdd81e664ba452873ede
- SHA1
  
  8a4ddcb1134a75c1b9dfded368dfe39f8987d261
- SHA256
  
  333bb146ca119affafd411cf95e4b459c53f3211bb1640c8f1cf6f1c5420123c
- SHA512
  
  dcf13f1da7ec1dbedddefdb45ef0af5ad29f0d9ad555ab71494224fb564a039e7b8e61cbd7f4e11bf0090c63e50e1e69066e546551796eb83c1cd1a81aabe162
- SSDEEP
  
  6144:txurXsrb0Y78v3RYQ2Ve0oY7ooLDlQfWGa5bnrwmy5VcbqAE7fQW0c4zFfJXnIZZ:txuIn0Y78vBx2VvCf+rwR/Nycaivp1
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan