smokeloader | 2db3e42ab192aa0d11e8652590971b14bcc86991e459ae498999b4d9825736e3 | Triage

Sharing

General

Target

f91ce56309f89421ceab1a8eadd630d3_JaffaCakes118
Size

190KB
Sample

240926-ypklkayclh
MD5

f91ce56309f89421ceab1a8eadd630d3
SHA1

d2c5001064a14a9bbf53f84eceb01733ba826911
SHA256

2db3e42ab192aa0d11e8652590971b14bcc86991e459ae498999b4d9825736e3
SHA512

92b098b481272e03de70e16af82a5da2f5e28e6384a6d1c93f7bce7a7d83b002967c3c34a48f11b5ba514e3d715c0fe2ff1a38a283556fa661a12038d6ecc0a9
SSDEEP

3072:R/sldPaDOTp9xy2LIqxbvKd9ZUXSG/cqzgjetZKYnsUT:RkldaD8p22tgPUXTtgjet4Yns

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  f91ce56309f89421ceab1a8eadd630d3_JaffaCakes118
- Size
  
  190KB
- MD5
  
  f91ce56309f89421ceab1a8eadd630d3
- SHA1
  
  d2c5001064a14a9bbf53f84eceb01733ba826911
- SHA256
  
  2db3e42ab192aa0d11e8652590971b14bcc86991e459ae498999b4d9825736e3
- SHA512
  
  92b098b481272e03de70e16af82a5da2f5e28e6384a6d1c93f7bce7a7d83b002967c3c34a48f11b5ba514e3d715c0fe2ff1a38a283556fa661a12038d6ecc0a9
- SSDEEP
  
  3072:R/sldPaDOTp9xy2LIqxbvKd9ZUXSG/cqzgjetZKYnsUT:RkldaD8p22tgPUXTtgjet4Yns
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan