smokeloader | fda3e128efe85af2ff29ce1657fd6d26aff37b724a308e3ff48596c8a7d795f5 | Triage

Sharing

General

Target

b0a3aa49cb254a5a30ae5551a889ab3a_JaffaCakes118
Size

293KB
Sample

240820-ytqndavcll
MD5

b0a3aa49cb254a5a30ae5551a889ab3a
SHA1

1da8ab99e7e40ab8c517b03887df4fc5f03e29af
SHA256

fda3e128efe85af2ff29ce1657fd6d26aff37b724a308e3ff48596c8a7d795f5
SHA512

2b961074152de1875712a10367d669509becea64cdcc47dde6eed3d5bdce6b9491cb6b87fbb92e392421f8d75b88593f1fade4dc89d2197866487d8ae3a1f832
SSDEEP

6144:zOYFnZO0vn6hKckwZeJ2hL5rVrjosLEja/8dKenOvpPDHxNa:DS0/6vkws41osLEGEdznOvpPrxN

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  b0a3aa49cb254a5a30ae5551a889ab3a_JaffaCakes118
- Size
  
  293KB
- MD5
  
  b0a3aa49cb254a5a30ae5551a889ab3a
- SHA1
  
  1da8ab99e7e40ab8c517b03887df4fc5f03e29af
- SHA256
  
  fda3e128efe85af2ff29ce1657fd6d26aff37b724a308e3ff48596c8a7d795f5
- SHA512
  
  2b961074152de1875712a10367d669509becea64cdcc47dde6eed3d5bdce6b9491cb6b87fbb92e392421f8d75b88593f1fade4dc89d2197866487d8ae3a1f832
- SSDEEP
  
  6144:zOYFnZO0vn6hKckwZeJ2hL5rVrjosLEja/8dKenOvpPDHxNa:DS0/6vkws41osLEGEdznOvpPrxN
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan