smokeloader | 1659e67ea8b8d8e61b872c6fe2af2456cd1981806975cf6bb70725a04c802538 | Triage

Sharing

General

Target

f726cac9e132ce6362048def387994f7_JaffaCakes118
Size

175KB
Sample

240926-anerxswcpp
MD5

f726cac9e132ce6362048def387994f7
SHA1

4f179d535051737ba26681cca4f979e85ac3dda5
SHA256

1659e67ea8b8d8e61b872c6fe2af2456cd1981806975cf6bb70725a04c802538
SHA512

1b9d8351c9216c92b92d19f7cc4049ad686211a4168ab34b391c6843fe5b29f3af1c0fb27f3efe8f0912a7c103a51f8c2c32546479a2fb0f98c6d34eb0d1ebeb
SSDEEP

3072:2ssldPaDOTpFJW7eBgwZKYkXdVJNfU3zUP/7Oo/hmfVmt6mmr:25ldaD8pFJW7eBgg4JWo7Oo8fVmtJm

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  f726cac9e132ce6362048def387994f7_JaffaCakes118
- Size
  
  175KB
- MD5
  
  f726cac9e132ce6362048def387994f7
- SHA1
  
  4f179d535051737ba26681cca4f979e85ac3dda5
- SHA256
  
  1659e67ea8b8d8e61b872c6fe2af2456cd1981806975cf6bb70725a04c802538
- SHA512
  
  1b9d8351c9216c92b92d19f7cc4049ad686211a4168ab34b391c6843fe5b29f3af1c0fb27f3efe8f0912a7c103a51f8c2c32546479a2fb0f98c6d34eb0d1ebeb
- SSDEEP
  
  3072:2ssldPaDOTpFJW7eBgwZKYkXdVJNfU3zUP/7Oo/hmfVmt6mmr:25ldaD8pFJW7eBgg4JWo7Oo8fVmtJm
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan