smokeloader | b2a9c503eca1d92f5480906192501e32ddc182a6adb74ebdca0f2520b6c59226 | Triage

Sharing

General

Target

95c75a07fff59f6ba955ee34cc32daa9_JaffaCakes118
Size

251KB
Sample

240814-mv66zaxgqh
MD5

95c75a07fff59f6ba955ee34cc32daa9
SHA1

8372e47b036e9dcc685f099510b5ebdae9a81d40
SHA256

b2a9c503eca1d92f5480906192501e32ddc182a6adb74ebdca0f2520b6c59226
SHA512

3f9dedeb60ff0538ec72aad6afb04f145ffb02c589a17d0243c71bb377ce45aa2a6b49dba4455c689dcab5bdbdea3a007ee91ef73f059d00ccbbfaf44a04596d
SSDEEP

6144:MdmqFz9Hkh8fd401gKQPQWODmj7EhVqx1bcPpppppppYIGy:iz9oOx1gKIQpo7VbB

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  95c75a07fff59f6ba955ee34cc32daa9_JaffaCakes118
- Size
  
  251KB
- MD5
  
  95c75a07fff59f6ba955ee34cc32daa9
- SHA1
  
  8372e47b036e9dcc685f099510b5ebdae9a81d40
- SHA256
  
  b2a9c503eca1d92f5480906192501e32ddc182a6adb74ebdca0f2520b6c59226
- SHA512
  
  3f9dedeb60ff0538ec72aad6afb04f145ffb02c589a17d0243c71bb377ce45aa2a6b49dba4455c689dcab5bdbdea3a007ee91ef73f059d00ccbbfaf44a04596d
- SSDEEP
  
  6144:MdmqFz9Hkh8fd401gKQPQWODmj7EhVqx1bcPpppppppYIGy:iz9oOx1gKIQpo7VbB
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan