smokeloader | e0bf1e5cac112a645c59f89a98a6001a6ab3b03acb4cd588018c737a169c42a2 | Triage

Sharing

General

Target

6c17569594b13e237037d65bee0bf3be_JaffaCakes118
Size

179KB
Sample

241022-14l42swhpc
MD5

6c17569594b13e237037d65bee0bf3be
SHA1

7d7425e9aa0b40ce337fec29046bf7353f7dceac
SHA256

e0bf1e5cac112a645c59f89a98a6001a6ab3b03acb4cd588018c737a169c42a2
SHA512

cfe4701f2dee2c6613fc785b95e3715749e5ecfad4afca64ee72c8685224952bd82d7fbe725fcc7f693e6e92a6880bca12f5dd06a031a5105b488266d4b3e6de
SSDEEP

3072:IDUh0JwjkUyFcy/NILs+BgCvB2rcPI1ZeCrY8EuSzQz:IDUGwj7yGy1Ms+BAcPI1NcuSzC

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  6c17569594b13e237037d65bee0bf3be_JaffaCakes118
- Size
  
  179KB
- MD5
  
  6c17569594b13e237037d65bee0bf3be
- SHA1
  
  7d7425e9aa0b40ce337fec29046bf7353f7dceac
- SHA256
  
  e0bf1e5cac112a645c59f89a98a6001a6ab3b03acb4cd588018c737a169c42a2
- SHA512
  
  cfe4701f2dee2c6613fc785b95e3715749e5ecfad4afca64ee72c8685224952bd82d7fbe725fcc7f693e6e92a6880bca12f5dd06a031a5105b488266d4b3e6de
- SSDEEP
  
  3072:IDUh0JwjkUyFcy/NILs+BgCvB2rcPI1ZeCrY8EuSzQz:IDUGwj7yGy1Ms+BAcPI1NcuSzC
Score

10^/10

smokeloader pub3 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoortrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan