smokeloader | 650e7d8b36716d74c25d56d5dccfda619a073381d16156b1182a841ef00b6994 | Triage

Sharing

General

Target

9ac3af155a3943f98b58d46f3c01c544_JaffaCakes118
Size

267KB
Sample

240815-tzzq1swdpn
MD5

9ac3af155a3943f98b58d46f3c01c544
SHA1

1556cfb9a0b63348332e65a706c6660aa5f2e2c3
SHA256

650e7d8b36716d74c25d56d5dccfda619a073381d16156b1182a841ef00b6994
SHA512

85b9de6173d6dc8678803a4dc0c0dfdb836cac72da010d75633175ba656fd68829a15a040db3779b03d8844a1eb2be45d85ed7b5143e93c659630f6edfda8dcd
SSDEEP

6144:XKLc+bSBHOJQFWG+jt4xab1mIl6lDmOQPTZTzEnNUhY:X+bSl28WG+jUI1/l6lDsTVE

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  9ac3af155a3943f98b58d46f3c01c544_JaffaCakes118
- Size
  
  267KB
- MD5
  
  9ac3af155a3943f98b58d46f3c01c544
- SHA1
  
  1556cfb9a0b63348332e65a706c6660aa5f2e2c3
- SHA256
  
  650e7d8b36716d74c25d56d5dccfda619a073381d16156b1182a841ef00b6994
- SHA512
  
  85b9de6173d6dc8678803a4dc0c0dfdb836cac72da010d75633175ba656fd68829a15a040db3779b03d8844a1eb2be45d85ed7b5143e93c659630f6edfda8dcd
- SSDEEP
  
  6144:XKLc+bSBHOJQFWG+jt4xab1mIl6lDmOQPTZTzEnNUhY:X+bSl28WG+jUI1/l6lDsTVE
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan