smokeloader | 154dc9e9699df911ce4998900cc9fb9362d3b77f05a922c083f24b9c58a6dd87 | Triage

Sharing

General

Target

9e98369c91742701edd321076a5a16ed_JaffaCakes118
Size

179KB
Sample

240816-q1m7tsxerh
MD5

9e98369c91742701edd321076a5a16ed
SHA1

8a1e149e0e1384296fcc788af23e2e174802604b
SHA256

154dc9e9699df911ce4998900cc9fb9362d3b77f05a922c083f24b9c58a6dd87
SHA512

01335ea562fa8d5003d3c71e1693c9882a2b2f821a856b2a2f3c345dc34a782e8a00a9865f1240e48e27f298017e17d9cec43e69661140d95a074c677e2c900b
SSDEEP

3072:+oQyEiENxBgTLRSxYZpFeILokVUbl+JJqaOToaRoNUSdUCFJCLZjnl8V8CANpFUI:P+VxMjeILZG6Cr8nA5bYQC5XvHC

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  9e98369c91742701edd321076a5a16ed_JaffaCakes118
- Size
  
  179KB
- MD5
  
  9e98369c91742701edd321076a5a16ed
- SHA1
  
  8a1e149e0e1384296fcc788af23e2e174802604b
- SHA256
  
  154dc9e9699df911ce4998900cc9fb9362d3b77f05a922c083f24b9c58a6dd87
- SHA512
  
  01335ea562fa8d5003d3c71e1693c9882a2b2f821a856b2a2f3c345dc34a782e8a00a9865f1240e48e27f298017e17d9cec43e69661140d95a074c677e2c900b
- SSDEEP
  
  3072:+oQyEiENxBgTLRSxYZpFeILokVUbl+JJqaOToaRoNUSdUCFJCLZjnl8V8CANpFUI:P+VxMjeILZG6Cr8nA5bYQC5XvHC
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan