smokeloader | 6b298fedb860e729c2884c6c91101b4bdf550a474ca7426343e28ef0360bc7bd | Triage

Sharing

General

Target

d317fc07fd2680670252ad9f9079f33a_JaffaCakes118
Size

142KB
Sample

240907-3yx1gaseml
MD5

d317fc07fd2680670252ad9f9079f33a
SHA1

703b9c3dfaaafd20b91afe68a44e16286597fe8f
SHA256

6b298fedb860e729c2884c6c91101b4bdf550a474ca7426343e28ef0360bc7bd
SHA512

411894f88b67e995d2b2caa37a53c36926f100997d6ec19b42324bbfd6b589c6a3e809d132d7beea4e89d14d8d8f2d0ab6b7a335a9cc318fcb7eaee690d790df
SSDEEP

1536:jxvKp2F96u3XP/YOPwv44yG5ZjpynzQLzo7SrMa3FK4LA8Q5jVONELlvrwV3p8HU:/fRP/YlgzQLDIYY5jVGELBrw2HFD6v

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  d317fc07fd2680670252ad9f9079f33a_JaffaCakes118
- Size
  
  142KB
- MD5
  
  d317fc07fd2680670252ad9f9079f33a
- SHA1
  
  703b9c3dfaaafd20b91afe68a44e16286597fe8f
- SHA256
  
  6b298fedb860e729c2884c6c91101b4bdf550a474ca7426343e28ef0360bc7bd
- SHA512
  
  411894f88b67e995d2b2caa37a53c36926f100997d6ec19b42324bbfd6b589c6a3e809d132d7beea4e89d14d8d8f2d0ab6b7a335a9cc318fcb7eaee690d790df
- SSDEEP
  
  1536:jxvKp2F96u3XP/YOPwv44yG5ZjpynzQLzo7SrMa3FK4LA8Q5jVONELlvrwV3p8HU:/fRP/YlgzQLDIYY5jVGELBrw2HFD6v
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan