smokeloader | 3f2e2c8457337992953917467e648b1df4a527c11dbb3fb386626e886d610d24 | Triage

Sharing

General

Target

f8aaff0cfd9eba38e5dada958fef8aa7_JaffaCakes118
Size

207KB
Sample

240926-swqs9svbjk
MD5

f8aaff0cfd9eba38e5dada958fef8aa7
SHA1

542eb8495496817064901bd64d008ee4b020d617
SHA256

3f2e2c8457337992953917467e648b1df4a527c11dbb3fb386626e886d610d24
SHA512

7039c12a6896e26028609b78b719f3e619baef3b1c680feb9ecd02dac7caf6c0a8f2e8742a459a7aff1a73f30842755d4019b16c721ab22bef2c0dcb29bb5b95
SSDEEP

3072:7npqOXU9EhrBwIArBNr3Fxrai6WgWFweMI9iTCmBQlY+Z+csCyyMxQkkVJh/1SeL:FqOXUKqTK3lumCW+Z+c18Qk2JhNSeG6

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  f8aaff0cfd9eba38e5dada958fef8aa7_JaffaCakes118
- Size
  
  207KB
- MD5
  
  f8aaff0cfd9eba38e5dada958fef8aa7
- SHA1
  
  542eb8495496817064901bd64d008ee4b020d617
- SHA256
  
  3f2e2c8457337992953917467e648b1df4a527c11dbb3fb386626e886d610d24
- SHA512
  
  7039c12a6896e26028609b78b719f3e619baef3b1c680feb9ecd02dac7caf6c0a8f2e8742a459a7aff1a73f30842755d4019b16c721ab22bef2c0dcb29bb5b95
- SSDEEP
  
  3072:7npqOXU9EhrBwIArBNr3Fxrai6WgWFweMI9iTCmBQlY+Z+csCyyMxQkkVJh/1SeL:FqOXUKqTK3lumCW+Z+c18Qk2JhNSeG6
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan