smokeloader | ec1bb6bff870c09a5ec70f9c9a36f2f647d7599b66efca2deaa3fc03eedd37ac | Triage

Sharing

General

Target

f428c140c06fb318129aa4d75f1cde3e_JaffaCakes118
Size

372KB
Sample

240924-v3ka6syfpa
MD5

f428c140c06fb318129aa4d75f1cde3e
SHA1

14659e77f6e201474ae89ddf35a913db16004b3a
SHA256

ec1bb6bff870c09a5ec70f9c9a36f2f647d7599b66efca2deaa3fc03eedd37ac
SHA512

6aa3956bbec8214ac9be143773a50e1d4a8225f39ed63d2eaee6bf63a7f8919cf73f4f238f9af3718d3f729472bc421eab01b48739817d5b07cfaf2e8872de49
SSDEEP

6144:q//CluW8GaYMOZjlRhCqbecN9619EE23SrPPssxOzX2oQkzeuNu7d4:U/nL4WId+RDvrT7d4

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  f428c140c06fb318129aa4d75f1cde3e_JaffaCakes118
- Size
  
  372KB
- MD5
  
  f428c140c06fb318129aa4d75f1cde3e
- SHA1
  
  14659e77f6e201474ae89ddf35a913db16004b3a
- SHA256
  
  ec1bb6bff870c09a5ec70f9c9a36f2f647d7599b66efca2deaa3fc03eedd37ac
- SHA512
  
  6aa3956bbec8214ac9be143773a50e1d4a8225f39ed63d2eaee6bf63a7f8919cf73f4f238f9af3718d3f729472bc421eab01b48739817d5b07cfaf2e8872de49
- SSDEEP
  
  6144:q//CluW8GaYMOZjlRhCqbecN9619EE23SrPPssxOzX2oQkzeuNu7d4:U/nL4WId+RDvrT7d4
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan