smokeloader | 997c83cca0c68eecd3e4ae5db3bd318b29526b49fd19b393107ae5bac747a9ec | Triage

Sharing

General

Target

cb09bdd0ade4075655c1da3c575300da_JaffaCakes118
Size

228KB
Sample

240830-rtw2tsyfra
MD5

cb09bdd0ade4075655c1da3c575300da
SHA1

8c6bc684a24fc08fb6c164d99e2697c6fb5fa528
SHA256

997c83cca0c68eecd3e4ae5db3bd318b29526b49fd19b393107ae5bac747a9ec
SHA512

ee232a3df0c7639c82483c097db33e89b9ed9afecea52e3f5d46849af9d3d8db0aac15ea83a2eb25e6b0b573e93bb372800bf2efba721929ec396a7a168aa509
SSDEEP

6144:iFRedol4Vft6Rj8wCavKjYDna0/cA9BDHFSB7bz6S:Joy9Yh8wCLjqpBDSbz

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  cb09bdd0ade4075655c1da3c575300da_JaffaCakes118
- Size
  
  228KB
- MD5
  
  cb09bdd0ade4075655c1da3c575300da
- SHA1
  
  8c6bc684a24fc08fb6c164d99e2697c6fb5fa528
- SHA256
  
  997c83cca0c68eecd3e4ae5db3bd318b29526b49fd19b393107ae5bac747a9ec
- SHA512
  
  ee232a3df0c7639c82483c097db33e89b9ed9afecea52e3f5d46849af9d3d8db0aac15ea83a2eb25e6b0b573e93bb372800bf2efba721929ec396a7a168aa509
- SSDEEP
  
  6144:iFRedol4Vft6Rj8wCavKjYDna0/cA9BDHFSB7bz6S:Joy9Yh8wCLjqpBDSbz
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan