smokeloader | fd558ff647c987bffcc58caafcee22a7abfdeb180c98cc979bbe2e2ec552dc3d | Triage

Sharing

General

Target

97090de5fde3d0d768b0ece64a354448_JaffaCakes118
Size

118KB
Sample

240814-v9b85svdjc
MD5

97090de5fde3d0d768b0ece64a354448
SHA1

d349a346a6c6f4e0affa452b1f2eb5f3361bb8f5
SHA256

fd558ff647c987bffcc58caafcee22a7abfdeb180c98cc979bbe2e2ec552dc3d
SHA512

439628de3e81c4f25f176dcc337b2f8f56f5e4bb9db7b0e5f7f573b4333b894df97b33967c157d7eaa70541b0553866735ddb8224cd35dfbb19a28279561a812
SSDEEP

3072:g0+cqicJXdvu87vpJBsMIYTfpzcVRQ9rSOLwi4w3R3Pe4:g4hcFttbp3RcXQMQbW4

Score

10^/10

smokeloader 1910 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

1910

Targets

- Target
  
  97090de5fde3d0d768b0ece64a354448_JaffaCakes118
- Size
  
  118KB
- MD5
  
  97090de5fde3d0d768b0ece64a354448
- SHA1
  
  d349a346a6c6f4e0affa452b1f2eb5f3361bb8f5
- SHA256
  
  fd558ff647c987bffcc58caafcee22a7abfdeb180c98cc979bbe2e2ec552dc3d
- SHA512
  
  439628de3e81c4f25f176dcc337b2f8f56f5e4bb9db7b0e5f7f573b4333b894df97b33967c157d7eaa70541b0553866735ddb8224cd35dfbb19a28279561a812
- SSDEEP
  
  3072:g0+cqicJXdvu87vpJBsMIYTfpzcVRQ9rSOLwi4w3R3Pe4:g4hcFttbp3RcXQMQbW4
Score

10^/10

smokeloader 1910 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader1910backdoordiscoverytrojan

behavioral2

smokeloader1910backdoordiscoverytrojan