smokeloader | 0cac1630f56f25462bfc12aeeeb52d4eb515783c5cba8fd74d715e2e46adaca6 | Triage

Sharing

General

Target

f083955b9819bd51d2a27efab3193a3d_JaffaCakes118
Size

128KB
Sample

240921-ytfhea1clj
MD5

f083955b9819bd51d2a27efab3193a3d
SHA1

b7585c6134264a8543b44f4567478ff43430079c
SHA256

0cac1630f56f25462bfc12aeeeb52d4eb515783c5cba8fd74d715e2e46adaca6
SHA512

793c49aa5bb19dd4541d6608dc67a1d832809300c349ca3e664f3aaed596003ed7035769b801c84e96d263679e6777116ae322a031784934574403a164e80e3b
SSDEEP

1536:MsHLY4OvRmI/9lMcRoocY0qqgE0Ka92ZE/PvrYXO+wHv8FEPRyUQn:NHLaIS9lMZY1FE0huUPvuOPP8FEPRyp

Score

10^/10

smokeloader 0510 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0510

Targets

- Target
  
  f083955b9819bd51d2a27efab3193a3d_JaffaCakes118
- Size
  
  128KB
- MD5
  
  f083955b9819bd51d2a27efab3193a3d
- SHA1
  
  b7585c6134264a8543b44f4567478ff43430079c
- SHA256
  
  0cac1630f56f25462bfc12aeeeb52d4eb515783c5cba8fd74d715e2e46adaca6
- SHA512
  
  793c49aa5bb19dd4541d6608dc67a1d832809300c349ca3e664f3aaed596003ed7035769b801c84e96d263679e6777116ae322a031784934574403a164e80e3b
- SSDEEP
  
  1536:MsHLY4OvRmI/9lMcRoocY0qqgE0Ka92ZE/PvrYXO+wHv8FEPRyUQn:NHLaIS9lMZY1FE0huUPvuOPP8FEPRyp
Score

10^/10

smokeloader 0510 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0510backdoordiscoverytrojan

behavioral2

smokeloader0510backdoordiscoverytrojan