smokeloader | c59af43327cc7f2c66621ba99012537446e50ca6763eb808cac175245b858709 | Triage

Sharing

General

Target

a198e3fbae74a7616d8b157b79898a7f_JaffaCakes118
Size

334KB
Sample

240817-htryfasgrc
MD5

a198e3fbae74a7616d8b157b79898a7f
SHA1

77aef8bdc4d2cebfb1c2e23f21f7f1d4699b6050
SHA256

c59af43327cc7f2c66621ba99012537446e50ca6763eb808cac175245b858709
SHA512

c57556b9d616d766836f9bdc946c345ba99c2d2de243ab8063a7eda08c79546bed098ada8f484eecbc3d822300c27f42eeeea963fffbbc77502918645d5307ba
SSDEEP

6144:5//CLJS9RRfCq1b0zs961sp4Kv3wARK2eHPqQWYWw2kM8O:R/bBaA+M4UkvqhYtM8O

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  a198e3fbae74a7616d8b157b79898a7f_JaffaCakes118
- Size
  
  334KB
- MD5
  
  a198e3fbae74a7616d8b157b79898a7f
- SHA1
  
  77aef8bdc4d2cebfb1c2e23f21f7f1d4699b6050
- SHA256
  
  c59af43327cc7f2c66621ba99012537446e50ca6763eb808cac175245b858709
- SHA512
  
  c57556b9d616d766836f9bdc946c345ba99c2d2de243ab8063a7eda08c79546bed098ada8f484eecbc3d822300c27f42eeeea963fffbbc77502918645d5307ba
- SSDEEP
  
  6144:5//CLJS9RRfCq1b0zs961sp4Kv3wARK2eHPqQWYWw2kM8O:R/bBaA+M4UkvqhYtM8O
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan