smokeloader | 7ef7fe8265c321b76af29408f9c84fead5da1da198f33b86e585c4183b979ff6 | Triage

Sharing

General

Target

d84222f6206ae8690518d76150ed7fec_JaffaCakes118
Size

173KB
Sample

240910-pc184svfjg
MD5

d84222f6206ae8690518d76150ed7fec
SHA1

2ed781d1216fb18a0508dada2dbd044a8073f183
SHA256

7ef7fe8265c321b76af29408f9c84fead5da1da198f33b86e585c4183b979ff6
SHA512

fd487186d231efecd309089941927d39a381dae1594dcb40e6e6c5df7a06f7318280eddb9d9983f268c780a35b533d193017662fe5b847a6ba02b65760bc4982
SSDEEP

3072:sYgyNPG5hYFU9NQ8irflXP4HRIYtSpVntPZl92KMO8u2rC2pOqr0Zn:s/yNO5KFfh6knoKR8PEd

Score

10^/10

smokeloader fgf backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

fgf

Targets

- Target
  
  d84222f6206ae8690518d76150ed7fec_JaffaCakes118
- Size
  
  173KB
- MD5
  
  d84222f6206ae8690518d76150ed7fec
- SHA1
  
  2ed781d1216fb18a0508dada2dbd044a8073f183
- SHA256
  
  7ef7fe8265c321b76af29408f9c84fead5da1da198f33b86e585c4183b979ff6
- SHA512
  
  fd487186d231efecd309089941927d39a381dae1594dcb40e6e6c5df7a06f7318280eddb9d9983f268c780a35b533d193017662fe5b847a6ba02b65760bc4982
- SSDEEP
  
  3072:sYgyNPG5hYFU9NQ8irflXP4HRIYtSpVntPZl92KMO8u2rC2pOqr0Zn:s/yNO5KFfh6knoKR8PEd
Score

10^/10

smokeloader backdoor trojan fgf discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloaderfgfbackdoordiscoverytrojan