smokeloader | 37d4daac17d9e9365e397eb46b67295a50c7d4b3bbe192d9a0c7597aa36976b4 | Triage

Sharing

General

Target

c576466a700a81cac0f410264b839492_JaffaCakes118
Size

354KB
Sample

240827-wq2v5avhqp
MD5

c576466a700a81cac0f410264b839492
SHA1

1bc948a6434cff9550c3fe77fdd957ca3e574754
SHA256

37d4daac17d9e9365e397eb46b67295a50c7d4b3bbe192d9a0c7597aa36976b4
SHA512

b8318ff343e5cd0db86ec4e1f1a15a01487b3b4294fcd6530b9262282f600cccc0aa3e19868ae7cb9b8577639618137d7cf7534f5cad0a8447c3be93bdec748d
SSDEEP

6144:AqWDvVSodrR2sNoBEGrEXP1SDKTpG3z0Re4eGKZsilysSlwZu:0VPKrSPJTpzPe7Flydlw

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  c576466a700a81cac0f410264b839492_JaffaCakes118
- Size
  
  354KB
- MD5
  
  c576466a700a81cac0f410264b839492
- SHA1
  
  1bc948a6434cff9550c3fe77fdd957ca3e574754
- SHA256
  
  37d4daac17d9e9365e397eb46b67295a50c7d4b3bbe192d9a0c7597aa36976b4
- SHA512
  
  b8318ff343e5cd0db86ec4e1f1a15a01487b3b4294fcd6530b9262282f600cccc0aa3e19868ae7cb9b8577639618137d7cf7534f5cad0a8447c3be93bdec748d
- SSDEEP
  
  6144:AqWDvVSodrR2sNoBEGrEXP1SDKTpG3z0Re4eGKZsilysSlwZu:0VPKrSPJTpzPe7Flydlw
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan