smokeloader | 0f2949673de86be7b16b5458c8dd256ac1b9796fb1b805125e2e6d008bbd984a | Triage

Sharing

General

Target

c2a663b94c30e4849de9371e8a8fb64d_JaffaCakes118
Size

240KB
Sample

240826-km9wsavela
MD5

c2a663b94c30e4849de9371e8a8fb64d
SHA1

3b730d41b7ce66e5d445095e350a816bdab483b8
SHA256

0f2949673de86be7b16b5458c8dd256ac1b9796fb1b805125e2e6d008bbd984a
SHA512

2742b02b46cc0aef474bdc03d218b3f5141ce8734aec2c9685235ae2770373a29acf44e6b5098580120b50b34ac9ceb7291b2f209702b9a4ee9c2b43d865f5d7
SSDEEP

3072:7b9c5abO6515lRu2kPc7amKFw5BNqXi4HdebBVH+9t1RueBxB3BNHBBSTjxduNjI:7HO6UM7amdQbM7e9YuS

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  c2a663b94c30e4849de9371e8a8fb64d_JaffaCakes118
- Size
  
  240KB
- MD5
  
  c2a663b94c30e4849de9371e8a8fb64d
- SHA1
  
  3b730d41b7ce66e5d445095e350a816bdab483b8
- SHA256
  
  0f2949673de86be7b16b5458c8dd256ac1b9796fb1b805125e2e6d008bbd984a
- SHA512
  
  2742b02b46cc0aef474bdc03d218b3f5141ce8734aec2c9685235ae2770373a29acf44e6b5098580120b50b34ac9ceb7291b2f209702b9a4ee9c2b43d865f5d7
- SSDEEP
  
  3072:7b9c5abO6515lRu2kPc7amKFw5BNqXi4HdebBVH+9t1RueBxB3BNHBBSTjxduNjI:7HO6UM7amdQbM7e9YuS
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2