smokeloader | 0c6eaec4a2dc0d8245e7055d3b71f48bf7853b5d46e174d9a95b0496e8e5c1e7 | Triage

Sharing

General

Target

cc7176ea154662e07f5b53668970babd_JaffaCakes118
Size

181KB
Sample

240831-jre2jatalp
MD5

cc7176ea154662e07f5b53668970babd
SHA1

b0ff3cd329604b8e5caaea4511f1247de3132f6c
SHA256

0c6eaec4a2dc0d8245e7055d3b71f48bf7853b5d46e174d9a95b0496e8e5c1e7
SHA512

449838eb4ea24abf30ad12eca653c4c7fe1e22bb3c74d8020c94fa0679ce6a08d39771a4e368e232a33e55955fd9dfe796a397d9e6361addd6c55fc1231efd1b
SSDEEP

3072:rClsldPanpTJVaptTsCYwyke06guaP+bddjdmaPIM6rYaU:rCyldanHVcTbYNke067am4aPID

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  cc7176ea154662e07f5b53668970babd_JaffaCakes118
- Size
  
  181KB
- MD5
  
  cc7176ea154662e07f5b53668970babd
- SHA1
  
  b0ff3cd329604b8e5caaea4511f1247de3132f6c
- SHA256
  
  0c6eaec4a2dc0d8245e7055d3b71f48bf7853b5d46e174d9a95b0496e8e5c1e7
- SHA512
  
  449838eb4ea24abf30ad12eca653c4c7fe1e22bb3c74d8020c94fa0679ce6a08d39771a4e368e232a33e55955fd9dfe796a397d9e6361addd6c55fc1231efd1b
- SSDEEP
  
  3072:rClsldPanpTJVaptTsCYwyke06guaP+bddjdmaPIM6rYaU:rCyldanHVcTbYNke067am4aPID
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan