smokeloader | 6fa32e2ad0bfe2929dcc21d5c49a5db8ce834aa690cb8c5fcba33854b0bb0024 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17c0023d45e798a2aca1661f490bf3b1_JaffaCakes118
Size

179KB
Sample

241006-mpnsfazapr
MD5

17c0023d45e798a2aca1661f490bf3b1
SHA1

d4abe4adadcb1dd91985766f30dd40d19bf8b78b
SHA256

6fa32e2ad0bfe2929dcc21d5c49a5db8ce834aa690cb8c5fcba33854b0bb0024
SHA512

14d4643d1cb508c6491753f297743edb23ab5069167567415578a16ff8438ce99085c01eaed61cece3700e8fccb03e5e58837af0abbe59bf67ff8d0cb4ad13bd
SSDEEP

3072:yqLDAMWwGFWQCngrQRlR4UsyXFNWnRO8a4ROy2CZA9:yqLDPq8RlR4UfXuQOROy2Ci

Score

10^/10

smokeloader 0708 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Targets

- Target
  
  17c0023d45e798a2aca1661f490bf3b1_JaffaCakes118
- Size
  
  179KB
- MD5
  
  17c0023d45e798a2aca1661f490bf3b1
- SHA1
  
  d4abe4adadcb1dd91985766f30dd40d19bf8b78b
- SHA256
  
  6fa32e2ad0bfe2929dcc21d5c49a5db8ce834aa690cb8c5fcba33854b0bb0024
- SHA512
  
  14d4643d1cb508c6491753f297743edb23ab5069167567415578a16ff8438ce99085c01eaed61cece3700e8fccb03e5e58837af0abbe59bf67ff8d0cb4ad13bd
- SSDEEP
  
  3072:yqLDAMWwGFWQCngrQRlR4UsyXFNWnRO8a4ROy2CZA9:yqLDPq8RlR4UfXuQOROy2Ci
Score

10^/10

smokeloader 0708 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0708backdoordiscoverytrojan

behavioral2

smokeloader0708backdoordiscoverytrojan