smokeloader | 3c7deae1df58bb1279c00265f007fab87f2c75bcdaa2294273486219d9a2c9bc | Triage

Sharing

General

Target

c65d201a58eb055956756e89e7842424_JaffaCakes118
Size

121KB
Sample

240828-hc612azepk
MD5

c65d201a58eb055956756e89e7842424
SHA1

3186cb6adc2803217caaec8ac7b2a9138f44acb1
SHA256

3c7deae1df58bb1279c00265f007fab87f2c75bcdaa2294273486219d9a2c9bc
SHA512

899f2ffc319aedb46936e09c4500dee8a466f3117fd5ad9ce672bb3a92abec007b541541e00607eb95e9c790e6d14565c47d18704e8a6cfc85e1718738af4d2e
SSDEEP

3072:oc4CWVbFj++AWaLo4MnDg/d1UsfOdabQ0sIf:oc4CWNF5A94YzOoU

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  c65d201a58eb055956756e89e7842424_JaffaCakes118
- Size
  
  121KB
- MD5
  
  c65d201a58eb055956756e89e7842424
- SHA1
  
  3186cb6adc2803217caaec8ac7b2a9138f44acb1
- SHA256
  
  3c7deae1df58bb1279c00265f007fab87f2c75bcdaa2294273486219d9a2c9bc
- SHA512
  
  899f2ffc319aedb46936e09c4500dee8a466f3117fd5ad9ce672bb3a92abec007b541541e00607eb95e9c790e6d14565c47d18704e8a6cfc85e1718738af4d2e
- SSDEEP
  
  3072:oc4CWVbFj++AWaLo4MnDg/d1UsfOdabQ0sIf:oc4CWNF5A94YzOoU
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan