smokeloader | 91058892ca22d791121b442fc1d3ad0e6cedfe97c3b0c2d2d56163285cfbcd4a | Triage

Sharing

General

Target

9893b9de3b7048b97a55be3f3b569094_JaffaCakes118
Size

238KB
Sample

240815-ctys4avdqr
MD5

9893b9de3b7048b97a55be3f3b569094
SHA1

a75cde29dc812752832b5c665ee639a25e594a8a
SHA256

91058892ca22d791121b442fc1d3ad0e6cedfe97c3b0c2d2d56163285cfbcd4a
SHA512

7803bbec5d7a68df9c1349dba986f2d599a756e54e10b1de52268ec917f4c7f4d019e9f0212ed4abefe1482cf0edc76b7b89629b0ad9d65a7c052cac5f701b2f
SSDEEP

6144:J/5XSZdolY1/sJIZk1DY/ca76cYDHMwO9IMZRYTo+W5:h56oS9sJ8wYEPcqslIMZRYT

Score

10^/10

smokeloader 0510 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0510

Targets

- Target
  
  9893b9de3b7048b97a55be3f3b569094_JaffaCakes118
- Size
  
  238KB
- MD5
  
  9893b9de3b7048b97a55be3f3b569094
- SHA1
  
  a75cde29dc812752832b5c665ee639a25e594a8a
- SHA256
  
  91058892ca22d791121b442fc1d3ad0e6cedfe97c3b0c2d2d56163285cfbcd4a
- SHA512
  
  7803bbec5d7a68df9c1349dba986f2d599a756e54e10b1de52268ec917f4c7f4d019e9f0212ed4abefe1482cf0edc76b7b89629b0ad9d65a7c052cac5f701b2f
- SSDEEP
  
  6144:J/5XSZdolY1/sJIZk1DY/ca76cYDHMwO9IMZRYTo+W5:h56oS9sJ8wYEPcqslIMZRYT
Score

10^/10

smokeloader 0510 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0510backdoordiscoverytrojan

behavioral2

smokeloader0510backdoordiscoverytrojan