smokeloader | 9f1b0ec72857d91018a61878fb6e01ea8e4f29c35ce3b80adb59e493ea9bf3aa | Triage

Sharing

General

Target

eddc90ec1aa6932c760e524a2c275740_JaffaCakes118
Size

202KB
Sample

240920-sladjatclm
MD5

eddc90ec1aa6932c760e524a2c275740
SHA1

1cf1464316f6df60a484a8402b10a6dcd04df1c7
SHA256

9f1b0ec72857d91018a61878fb6e01ea8e4f29c35ce3b80adb59e493ea9bf3aa
SHA512

e380c3bdd4453629b86faa56de4d2ba3a0bfac931394a0f1b875c5ee4948124307ee88654881b118bc4ccf3556d03030e01f7b37176736b850923db30199111f
SSDEEP

3072:0ad55RLuHZUOHt5+SQw3z4s3q85wlagJQyobCPhWkCvx:06rLu5UAecC8E+youPDC

Score

10^/10

smokeloader 1501 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

1501

Targets

- Target
  
  eddc90ec1aa6932c760e524a2c275740_JaffaCakes118
- Size
  
  202KB
- MD5
  
  eddc90ec1aa6932c760e524a2c275740
- SHA1
  
  1cf1464316f6df60a484a8402b10a6dcd04df1c7
- SHA256
  
  9f1b0ec72857d91018a61878fb6e01ea8e4f29c35ce3b80adb59e493ea9bf3aa
- SHA512
  
  e380c3bdd4453629b86faa56de4d2ba3a0bfac931394a0f1b875c5ee4948124307ee88654881b118bc4ccf3556d03030e01f7b37176736b850923db30199111f
- SSDEEP
  
  3072:0ad55RLuHZUOHt5+SQw3z4s3q85wlagJQyobCPhWkCvx:06rLu5UAecC8E+youPDC
Score

10^/10

smokeloader 1501 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader1501backdoordiscoverytrojan

behavioral2

smokeloader1501backdoordiscoverytrojan