smokeloader | 2419a0ea227385f1bf1cd5c31bc40ed7908db7eafa9d746dc171f5ffcbaad4cb | Triage

Sharing

General

Target

be43186361b4cc5d9cbd5366d199cce6_JaffaCakes118
Size

152KB
Sample

240824-kwy6mssdra
MD5

be43186361b4cc5d9cbd5366d199cce6
SHA1

5a78d7ea8d88d53fa7ca53e300fe62a61d6a386c
SHA256

2419a0ea227385f1bf1cd5c31bc40ed7908db7eafa9d746dc171f5ffcbaad4cb
SHA512

4696a85934153d1bf441699fc04c3c547724d66e90b59b48ba2c652fe2fdbf55efacedeadd72425ab127285636562b612388ee60edc0d8d539e77732b90d4739
SSDEEP

3072:c5rJz5uUl00K1PO/kvRPe0oYr5vFIOckF+v:c5rhITD5tPLF+

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  be43186361b4cc5d9cbd5366d199cce6_JaffaCakes118
- Size
  
  152KB
- MD5
  
  be43186361b4cc5d9cbd5366d199cce6
- SHA1
  
  5a78d7ea8d88d53fa7ca53e300fe62a61d6a386c
- SHA256
  
  2419a0ea227385f1bf1cd5c31bc40ed7908db7eafa9d746dc171f5ffcbaad4cb
- SHA512
  
  4696a85934153d1bf441699fc04c3c547724d66e90b59b48ba2c652fe2fdbf55efacedeadd72425ab127285636562b612388ee60edc0d8d539e77732b90d4739
- SSDEEP
  
  3072:c5rJz5uUl00K1PO/kvRPe0oYr5vFIOckF+v:c5rhITD5tPLF+
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan