smokeloader | fd50c5076e79a64ae191411ee216d68ea8a21c610165ba1f50767d52207c05a2 | Triage

Sharing

General

Target

cb154f89c2808b4b42ac98b9a7eafcc2_JaffaCakes118
Size

133KB
Sample

240830-skf5pazgrh
MD5

cb154f89c2808b4b42ac98b9a7eafcc2
SHA1

f5de59747303b883f5dc7f6d2d547bc7be44d4ad
SHA256

fd50c5076e79a64ae191411ee216d68ea8a21c610165ba1f50767d52207c05a2
SHA512

3339264b46d9089ecdd9637f4e944ba7aa385d570cb82e10aaff5e9ef6dd9aea0ddacadc93184614cf13e48be0f94f3e78cff1c3e98285c6f0e36acbcfee9a78
SSDEEP

3072:x5KR56smB3bM/lixhTChaKvfUs0OOd/dl1CZF+W5:x5K56DBr8udKvZOdb1iF+m

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  cb154f89c2808b4b42ac98b9a7eafcc2_JaffaCakes118
- Size
  
  133KB
- MD5
  
  cb154f89c2808b4b42ac98b9a7eafcc2
- SHA1
  
  f5de59747303b883f5dc7f6d2d547bc7be44d4ad
- SHA256
  
  fd50c5076e79a64ae191411ee216d68ea8a21c610165ba1f50767d52207c05a2
- SHA512
  
  3339264b46d9089ecdd9637f4e944ba7aa385d570cb82e10aaff5e9ef6dd9aea0ddacadc93184614cf13e48be0f94f3e78cff1c3e98285c6f0e36acbcfee9a78
- SSDEEP
  
  3072:x5KR56smB3bM/lixhTChaKvfUs0OOd/dl1CZF+W5:x5K56DBr8udKvZOdb1iF+m
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan