smokeloader | 5af8a80f646b2d5cb567bddf0c9e0907267610310211a69cd28d708070d569a2 | Triage

Sharing

General

Target

2024-08-25_c7497b483d525b9baca75bb3066ac7f0_mafia
Size

154KB
Sample

240826-aseygsthkb
MD5

c7497b483d525b9baca75bb3066ac7f0
SHA1

f18de84a512c60f20c9cc8d7ca9eafcd0eceaa49
SHA256

5af8a80f646b2d5cb567bddf0c9e0907267610310211a69cd28d708070d569a2
SHA512

7a2058ce528be5325ed341c2beeaa338f0b02da009961484fd221a6eab3584b36912614b0e9bbb5972ecbbc2813a01aa6d77eac16d7a3d36f91e26858af6904b
SSDEEP

3072:ghKKUaOlhLwGYSy/Jq6CEFVAu8qk+5NmmFL5E0MdLPN:oK9aOlh6t/0+5NlobN

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  2024-08-25_c7497b483d525b9baca75bb3066ac7f0_mafia
- Size
  
  154KB
- MD5
  
  c7497b483d525b9baca75bb3066ac7f0
- SHA1
  
  f18de84a512c60f20c9cc8d7ca9eafcd0eceaa49
- SHA256
  
  5af8a80f646b2d5cb567bddf0c9e0907267610310211a69cd28d708070d569a2
- SHA512
  
  7a2058ce528be5325ed341c2beeaa338f0b02da009961484fd221a6eab3584b36912614b0e9bbb5972ecbbc2813a01aa6d77eac16d7a3d36f91e26858af6904b
- SSDEEP
  
  3072:ghKKUaOlhLwGYSy/Jq6CEFVAu8qk+5NmmFL5E0MdLPN:oK9aOlh6t/0+5NlobN
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan