smokeloader | 8caf44a67715df70ee4be89fcfbb519a18448f08819b5f3d672ce602dd9a93d3 | Triage

Sharing

General

Target

df58bbcfa06f58afeca7eb93d02a57ab_JaffaCakes118
Size

335KB
Sample

240914-c8fwtstemg
MD5

df58bbcfa06f58afeca7eb93d02a57ab
SHA1

872586ca0e0ed043a64c884faef7bcbb4fd8baf0
SHA256

8caf44a67715df70ee4be89fcfbb519a18448f08819b5f3d672ce602dd9a93d3
SHA512

d684dfee9f0a6ace4198fc8f84b31207905f22631cd6ec7b5315af3ad7d5e0273237c91db7e242faf6d593d42c6997a1e99b587f92d97372ec92277d6b6287db
SSDEEP

6144:A//CluW8zaYMOZjlRRfCq55er615sB3ov7IsHcAIAf+0vgTzq6W:a/nI4Xa/r+zGlAf+04Tzq6W

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  df58bbcfa06f58afeca7eb93d02a57ab_JaffaCakes118
- Size
  
  335KB
- MD5
  
  df58bbcfa06f58afeca7eb93d02a57ab
- SHA1
  
  872586ca0e0ed043a64c884faef7bcbb4fd8baf0
- SHA256
  
  8caf44a67715df70ee4be89fcfbb519a18448f08819b5f3d672ce602dd9a93d3
- SHA512
  
  d684dfee9f0a6ace4198fc8f84b31207905f22631cd6ec7b5315af3ad7d5e0273237c91db7e242faf6d593d42c6997a1e99b587f92d97372ec92277d6b6287db
- SSDEEP
  
  6144:A//CluW8zaYMOZjlRRfCq55er615sB3ov7IsHcAIAf+0vgTzq6W:a/nI4Xa/r+zGlAf+04Tzq6W
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan