smokeloader | 2d1d65750e1cc8a400ff99d1f3bb3a060235d6f8ef8c35ff4f876215e83e44a0 | Triage

Sharing

General

Target

9978c17ddf26ef27c1a7eaca4b349e26_JaffaCakes118
Size

184KB
Sample

240815-jqthjasdrc
MD5

9978c17ddf26ef27c1a7eaca4b349e26
SHA1

c21f3829d69ebd12a6171be07b84b35d5500df5b
SHA256

2d1d65750e1cc8a400ff99d1f3bb3a060235d6f8ef8c35ff4f876215e83e44a0
SHA512

1cf0f826eb4852673fb23924d216dacf00bf452e1c4b22cb96bcc3fca1201475fb6fe8366dceac9907d33ea9331ca35b3e07850e1e1bedf7cc9468d6420b3370
SSDEEP

3072:ppsDeADOT3G7hzke0NamrHbrE9c1N4YL9ACpRtb:pu6AD83GJke0NnbPgyN409ACvtb

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  9978c17ddf26ef27c1a7eaca4b349e26_JaffaCakes118
- Size
  
  184KB
- MD5
  
  9978c17ddf26ef27c1a7eaca4b349e26
- SHA1
  
  c21f3829d69ebd12a6171be07b84b35d5500df5b
- SHA256
  
  2d1d65750e1cc8a400ff99d1f3bb3a060235d6f8ef8c35ff4f876215e83e44a0
- SHA512
  
  1cf0f826eb4852673fb23924d216dacf00bf452e1c4b22cb96bcc3fca1201475fb6fe8366dceac9907d33ea9331ca35b3e07850e1e1bedf7cc9468d6420b3370
- SSDEEP
  
  3072:ppsDeADOT3G7hzke0NamrHbrE9c1N4YL9ACpRtb:pu6AD83GJke0NnbPgyN409ACvtb
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan