smokeloader | 3c8c76af58660f08e621d30c8a1debb0396012aca038122f3bf7044b27f33d71 | Triage

Sharing

General

Target

2024-08-25_4fc4ffab97945fa06d5695b89f79bc5b_karagany_mafia
Size

147KB
Sample

240825-ng3r3a1hnc
MD5

4fc4ffab97945fa06d5695b89f79bc5b
SHA1

f53f97926ec09e6e28fce27be0882a42c5655298
SHA256

3c8c76af58660f08e621d30c8a1debb0396012aca038122f3bf7044b27f33d71
SHA512

33e041560bf02866596a1e3adfdcea20db4f5bdee0153d35816988c13b6d9977f60cb1569278c43443bd84ba3197715725d80058affe780e9a7f3e1c411af885
SSDEEP

3072:rbB+8HlO55ZXIGPgWtNpykMZEsWFH+LeICAxHxyq:/EjXM+zH+iPAf

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  2024-08-25_4fc4ffab97945fa06d5695b89f79bc5b_karagany_mafia
- Size
  
  147KB
- MD5
  
  4fc4ffab97945fa06d5695b89f79bc5b
- SHA1
  
  f53f97926ec09e6e28fce27be0882a42c5655298
- SHA256
  
  3c8c76af58660f08e621d30c8a1debb0396012aca038122f3bf7044b27f33d71
- SHA512
  
  33e041560bf02866596a1e3adfdcea20db4f5bdee0153d35816988c13b6d9977f60cb1569278c43443bd84ba3197715725d80058affe780e9a7f3e1c411af885
- SSDEEP
  
  3072:rbB+8HlO55ZXIGPgWtNpykMZEsWFH+LeICAxHxyq:/EjXM+zH+iPAf
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan