smokeloader | 7e576508202560b3945d7093c8e078c3b235a3412f8f8e029b12677c584d6518

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-09-2024 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f813fe276d4242c073089e64a4703979_JaffaCakes118.exe
Size

158KB
MD5

f813fe276d4242c073089e64a4703979
SHA1

6e7ed87b3c592fd98a366c198508446387f34f90
SHA256

7e576508202560b3945d7093c8e078c3b235a3412f8f8e029b12677c584d6518
SHA512

5e297c8c41da606d1b9801504d5d790295e05b89f64a64ae18ef573f5956ee32c449bfdeb28d18e3f4d60e619cc01b4ae8a27b0c6fc869228828a433a4211038
SSDEEP

3072:21WyvEsvgNGcYradUEfMBN79gdHMxGF6:ubEs4NFgvEfE3z

Score

10^/10

smokeloader backdoor trojan

Malware Config

Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	f813fe276d4242c073089e64a4703979_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	f813fe276d4242c073089e64a4703979_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\f813fe276d4242c073089e64a4703979_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f813fe276d4242c073089e64a4703979_JaffaCakes118.exe"
1⤵
- Maps connected drives based on registry
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2444-1-0x0000000000550000-0x0000000000650000-memory.dmp

Filesize
1024KB

Download
memory/2444-3-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2444-4-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2444-5-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download