smokeloader | 658964637fa25bd94c1e6261141f7e89ae1b0608c71e8d0eb4c83b841539a449 | Triage

Sharing

General

Target

d0d5c13abbe0cf64d1874f2a0a4d4399_JaffaCakes118
Size

183KB
Sample

240907-cbex9syhnq
MD5

d0d5c13abbe0cf64d1874f2a0a4d4399
SHA1

13c58605fe08654c444fc5f703ae7c9d338ed5bb
SHA256

658964637fa25bd94c1e6261141f7e89ae1b0608c71e8d0eb4c83b841539a449
SHA512

310f5dbe4fdb3aa5a149ed50c18b95a10c5bd6bc3fa0c5dd20ff970ef1c964bcfc68d338150b5c859540738b11f290af6325c93e0029016112aeb7cfd4d3bd49
SSDEEP

3072:rwsldPaDOTOd4LvNVGnfcvWwe0Wrinl7UBtnXiqmWPPX:rVldaD86iFVGnge0Pl7IiqmO

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  d0d5c13abbe0cf64d1874f2a0a4d4399_JaffaCakes118
- Size
  
  183KB
- MD5
  
  d0d5c13abbe0cf64d1874f2a0a4d4399
- SHA1
  
  13c58605fe08654c444fc5f703ae7c9d338ed5bb
- SHA256
  
  658964637fa25bd94c1e6261141f7e89ae1b0608c71e8d0eb4c83b841539a449
- SHA512
  
  310f5dbe4fdb3aa5a149ed50c18b95a10c5bd6bc3fa0c5dd20ff970ef1c964bcfc68d338150b5c859540738b11f290af6325c93e0029016112aeb7cfd4d3bd49
- SSDEEP
  
  3072:rwsldPaDOTOd4LvNVGnfcvWwe0Wrinl7UBtnXiqmWPPX:rVldaD86iFVGnge0Pl7IiqmO
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan