smokeloader | dd6b0f77204baf2c448d1bd97f02ad63dc9858d7b3a85ba4c5d0707908ba71fb | Triage

Sharing

General

Target

e464acd30b291ca65246d42c6116a904_JaffaCakes118
Size

122KB
Sample

240916-kktf1sycnp
MD5

e464acd30b291ca65246d42c6116a904
SHA1

65503a06ae5e8cecdbb041f2d7c8d511f822d451
SHA256

dd6b0f77204baf2c448d1bd97f02ad63dc9858d7b3a85ba4c5d0707908ba71fb
SHA512

9aaa37e7be6341a8d3424fde4aaeb6930dad3962860277b822a0a0bfaca37537ea1912df4cb0736078af19943693340fbab90a60879405158b5d838ccf716229
SSDEEP

1536:5jX9ztYedpxX6f7hGyMw40yU+6GEwOH8B8095LmrrrcvUQlJ9zDqRIb:pX9O2MZyU89Ma8a0r9QlJBDqRIb

Score

10^/10

smokeloader 1910 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

1910

Targets

- Target
  
  e464acd30b291ca65246d42c6116a904_JaffaCakes118
- Size
  
  122KB
- MD5
  
  e464acd30b291ca65246d42c6116a904
- SHA1
  
  65503a06ae5e8cecdbb041f2d7c8d511f822d451
- SHA256
  
  dd6b0f77204baf2c448d1bd97f02ad63dc9858d7b3a85ba4c5d0707908ba71fb
- SHA512
  
  9aaa37e7be6341a8d3424fde4aaeb6930dad3962860277b822a0a0bfaca37537ea1912df4cb0736078af19943693340fbab90a60879405158b5d838ccf716229
- SSDEEP
  
  1536:5jX9ztYedpxX6f7hGyMw40yU+6GEwOH8B8095LmrrrcvUQlJ9zDqRIb:pX9O2MZyU89Ma8a0r9QlJBDqRIb
Score

10^/10

smokeloader 1910 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader1910backdoordiscoverytrojan

behavioral2

smokeloader1910backdoordiscoverytrojan