smokeloader | 5888594685e28e85ea2db34e1703c7b81686065f0f84b269a2f9cb0c0bde83fd | Triage

Sharing

General

Target

ea1bb4a6465d50d8ef793f6186216c19_JaffaCakes118
Size

250KB
Sample

240918-2nwtzsxdln
MD5

ea1bb4a6465d50d8ef793f6186216c19
SHA1

f9a9bf1f3bd9eb926bd6674e1e4edd335ee8bc9c
SHA256

5888594685e28e85ea2db34e1703c7b81686065f0f84b269a2f9cb0c0bde83fd
SHA512

1b5d014e97c134e28cee23460b58a3307c09ad02f107a1a4dce3252bc5fb147da6ae44b5f88e4a3ce4bb0f93bf7cf6c63697ca22c1221141c1fbf1505de757c5
SSDEEP

6144:wJszBtTpBm6eTohDe0KA95F7IOXvW6Sv0lNhibcUrr43lLOVfoHGZb:wJszbpBm+9e0KA95FMOXe6JG43lLOVwm

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  ea1bb4a6465d50d8ef793f6186216c19_JaffaCakes118
- Size
  
  250KB
- MD5
  
  ea1bb4a6465d50d8ef793f6186216c19
- SHA1
  
  f9a9bf1f3bd9eb926bd6674e1e4edd335ee8bc9c
- SHA256
  
  5888594685e28e85ea2db34e1703c7b81686065f0f84b269a2f9cb0c0bde83fd
- SHA512
  
  1b5d014e97c134e28cee23460b58a3307c09ad02f107a1a4dce3252bc5fb147da6ae44b5f88e4a3ce4bb0f93bf7cf6c63697ca22c1221141c1fbf1505de757c5
- SSDEEP
  
  6144:wJszBtTpBm6eTohDe0KA95F7IOXvW6Sv0lNhibcUrr43lLOVfoHGZb:wJszbpBm+9e0KA95FMOXe6JG43lLOVwm
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan