smokeloader | dd5fa7ff218880e8053ea9eeff20caf01cb0e5591418cd4f9bab457cbf83a565 | Triage

Sharing

General

Target

fc16d9bb1de491fc780f83115f17b06a_JaffaCakes118
Size

180KB
Sample

240928-mdyhhazhmj
MD5

fc16d9bb1de491fc780f83115f17b06a
SHA1

557a0eb570a6e4f2d0d5b41902a232794b78da22
SHA256

dd5fa7ff218880e8053ea9eeff20caf01cb0e5591418cd4f9bab457cbf83a565
SHA512

4d7df890f8fdc9618530b592fb5222df415a6e53be11f2523cc659ad81fc01d473fa9f4752ac973516d7c71baaed701400b69cb5ac5e1626c6d3ed626e82ca76
SSDEEP

3072:A8VmgyrJT6+3kj7tz7K4V3lmZnuTJCwdbsWZ2b9cBUrO11ksB+E5:A8V+nO7hVFsQbCb9YFGsB+K

Score

10^/10

smokeloader li11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Targets

- Target
  
  fc16d9bb1de491fc780f83115f17b06a_JaffaCakes118
- Size
  
  180KB
- MD5
  
  fc16d9bb1de491fc780f83115f17b06a
- SHA1
  
  557a0eb570a6e4f2d0d5b41902a232794b78da22
- SHA256
  
  dd5fa7ff218880e8053ea9eeff20caf01cb0e5591418cd4f9bab457cbf83a565
- SHA512
  
  4d7df890f8fdc9618530b592fb5222df415a6e53be11f2523cc659ad81fc01d473fa9f4752ac973516d7c71baaed701400b69cb5ac5e1626c6d3ed626e82ca76
- SSDEEP
  
  3072:A8VmgyrJT6+3kj7tz7K4V3lmZnuTJCwdbsWZ2b9cBUrO11ksB+E5:A8V+nO7hVFsQbCb9YFGsB+K
Score

10^/10

smokeloader li11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderli11backdoordiscoverytrojan

behavioral2

smokeloaderli11backdoordiscoverytrojan