smokeloader | 5bb5e455c0dbbec9904b6ff6bcbe2f84250b26e791a4748abfe7d1b43d7779f6 | Triage

Sharing

General

Target

fcd6c5624f60ca8f13205970d561ba75_JaffaCakes118
Size

139KB
Sample

240928-whpwla1enc
MD5

fcd6c5624f60ca8f13205970d561ba75
SHA1

781989f4c433f7ad75baef68c7c84bcd7e411663
SHA256

5bb5e455c0dbbec9904b6ff6bcbe2f84250b26e791a4748abfe7d1b43d7779f6
SHA512

d8c20c80de60cc53a451f97395590b948509ca2195cc9b5c071fd8014528d6b063d8d1717723acca27eebdc4ededa3ffb5d77dc41c9d5a64d50e7f5557b08797
SSDEEP

1536:Ywiapb3W4+1nQSS5+iElH1iJxjLR9+ZkwIkLZyVgshc6Zb2NhXG1k4JJ4IOiRv2:x/LElorigGyWCK3iRv2

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  fcd6c5624f60ca8f13205970d561ba75_JaffaCakes118
- Size
  
  139KB
- MD5
  
  fcd6c5624f60ca8f13205970d561ba75
- SHA1
  
  781989f4c433f7ad75baef68c7c84bcd7e411663
- SHA256
  
  5bb5e455c0dbbec9904b6ff6bcbe2f84250b26e791a4748abfe7d1b43d7779f6
- SHA512
  
  d8c20c80de60cc53a451f97395590b948509ca2195cc9b5c071fd8014528d6b063d8d1717723acca27eebdc4ededa3ffb5d77dc41c9d5a64d50e7f5557b08797
- SSDEEP
  
  1536:Ywiapb3W4+1nQSS5+iElH1iJxjLR9+ZkwIkLZyVgshc6Zb2NhXG1k4JJ4IOiRv2:x/LElorigGyWCK3iRv2
Score

10^/10

smokeloader pub1 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan