smokeloader | 2fc2f0c7e52c957df4bb997090c0167a0d388f1a8ddb3b61a20cb1a31c61f82e | Triage

Sharing

General

Target

ed19e458dc110536aa306a62f8039991_JaffaCakes118
Size

135KB
Sample

240920-h89rssvdjg
MD5

ed19e458dc110536aa306a62f8039991
SHA1

a12c6be1cb9424728e4d00a969c06b61318bc1bb
SHA256

2fc2f0c7e52c957df4bb997090c0167a0d388f1a8ddb3b61a20cb1a31c61f82e
SHA512

a007340b2e563549b42fb0776f13601965c3564172f8fd78bda52d4cddda4e455efaa920c3939496e8433baf69c1e00d6fd5118833b702f0aa8ade2e2d49d672
SSDEEP

3072:Kk1heKZtKLQeGNxQ8PQ/q6zs1DgNNDfB5EN7:TcdLQL3Qi6q6wJU9IN7

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  ed19e458dc110536aa306a62f8039991_JaffaCakes118
- Size
  
  135KB
- MD5
  
  ed19e458dc110536aa306a62f8039991
- SHA1
  
  a12c6be1cb9424728e4d00a969c06b61318bc1bb
- SHA256
  
  2fc2f0c7e52c957df4bb997090c0167a0d388f1a8ddb3b61a20cb1a31c61f82e
- SHA512
  
  a007340b2e563549b42fb0776f13601965c3564172f8fd78bda52d4cddda4e455efaa920c3939496e8433baf69c1e00d6fd5118833b702f0aa8ade2e2d49d672
- SSDEEP
  
  3072:Kk1heKZtKLQeGNxQ8PQ/q6zs1DgNNDfB5EN7:TcdLQL3Qi6q6wJU9IN7
Score

10^/10

smokeloader pub3 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoortrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan