smokeloader | 301c51f5c052afa1a5cc5c2081f912644ee80c3b2da7e39fda3765a3d650e89f | Triage

Sharing

General

Target

cc52286fbd9c0dabeda1b1f2b4a7b40c_JaffaCakes118
Size

138KB
Sample

240831-glrr2ayfjm
MD5

cc52286fbd9c0dabeda1b1f2b4a7b40c
SHA1

398122a2a4ec55ea5cb0c91f079539902fb1e69d
SHA256

301c51f5c052afa1a5cc5c2081f912644ee80c3b2da7e39fda3765a3d650e89f
SHA512

4e6c5ff5c1b249990515c95ef66efbc6f5f1bd1e1e2e03ada047453f1458e9e0b87b3e052d034a78519c8d828840d9b0f1b0ed93dce0a1e9c0b3d6611113ebd8
SSDEEP

1536:tms4IzbOnzgP23xcC9S3+5t51U4u+XEzvMk6yRXZD8AFvCXe9ujlwhXw90+xsLW:t5rSn0uN9Fjl/Ez6yBFvpYl2F+xsLW

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  cc52286fbd9c0dabeda1b1f2b4a7b40c_JaffaCakes118
- Size
  
  138KB
- MD5
  
  cc52286fbd9c0dabeda1b1f2b4a7b40c
- SHA1
  
  398122a2a4ec55ea5cb0c91f079539902fb1e69d
- SHA256
  
  301c51f5c052afa1a5cc5c2081f912644ee80c3b2da7e39fda3765a3d650e89f
- SHA512
  
  4e6c5ff5c1b249990515c95ef66efbc6f5f1bd1e1e2e03ada047453f1458e9e0b87b3e052d034a78519c8d828840d9b0f1b0ed93dce0a1e9c0b3d6611113ebd8
- SSDEEP
  
  1536:tms4IzbOnzgP23xcC9S3+5t51U4u+XEzvMk6yRXZD8AFvCXe9ujlwhXw90+xsLW:t5rSn0uN9Fjl/Ez6yBFvpYl2F+xsLW
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan