smokeloader | 4fc7cb50b4c1ecefaaddda960dbbf1d187dc9e7e87cf88cca30868dee2248e2e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffdfa369a0233eacf6eb7fb8afea78a5_JaffaCakes118
Size

117KB
Sample

240930-d3a9tswbmk
MD5

ffdfa369a0233eacf6eb7fb8afea78a5
SHA1

c992e4a5c485c035d6b93177e3afd007920cc982
SHA256

4fc7cb50b4c1ecefaaddda960dbbf1d187dc9e7e87cf88cca30868dee2248e2e
SHA512

07166cf1e427415ebc8f5e4e30040eb7a365de5fb16ad3d45788dc8608569d92cf793eb852eb1604198c83d3f4cf4b52fdfd249c61e2149158e90d197f226deb
SSDEEP

1536:Vm/l9UACWD35psYl9+2PBEadi4FCdG3rfzowWvRPSX7vz3o0/Ysit52dIbFDdY4S:Vm/TUmIcd4xPsi+dIbFDW49Foz788x

Score

10^/10

smokeloader ku11 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

ku11

Targets

- Target
  
  ffdfa369a0233eacf6eb7fb8afea78a5_JaffaCakes118
- Size
  
  117KB
- MD5
  
  ffdfa369a0233eacf6eb7fb8afea78a5
- SHA1
  
  c992e4a5c485c035d6b93177e3afd007920cc982
- SHA256
  
  4fc7cb50b4c1ecefaaddda960dbbf1d187dc9e7e87cf88cca30868dee2248e2e
- SHA512
  
  07166cf1e427415ebc8f5e4e30040eb7a365de5fb16ad3d45788dc8608569d92cf793eb852eb1604198c83d3f4cf4b52fdfd249c61e2149158e90d197f226deb
- SSDEEP
  
  1536:Vm/l9UACWD35psYl9+2PBEadi4FCdG3rfzowWvRPSX7vz3o0/Ysit52dIbFDdY4S:Vm/TUmIcd4xPsi+dIbFDW49Foz788x
Score

10^/10

smokeloader ku11 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderku11backdoordiscoverytrojan

behavioral2

smokeloaderku11backdoordiscoverytrojan