smokeloader | ebdac5603410d0c7a633e42d40b7798efabde9f11cd4acf7205032b8b9306dd2 | Triage

Sharing

General

Target

7eadd2a867a51a6c6c04d812eb38b5ef_JaffaCakes118
Size

189KB
Sample

241030-lsv59askcm
MD5

7eadd2a867a51a6c6c04d812eb38b5ef
SHA1

2f0df8b35dfc9228465972d6279ffd41495743a0
SHA256

ebdac5603410d0c7a633e42d40b7798efabde9f11cd4acf7205032b8b9306dd2
SHA512

0ccee2e1bb6e5bb83c0d79613eb1d1201ebbe6c2a3e949abfe4218dc0472afb9b04ae420440a58a736163fb4838145f9a68a9e5387e48357613c44fd52a780e0
SSDEEP

3072:H20j7vYjOPNL4dq5e+HrReX6cnjTwa/N/zxJWtk0K:FvvYjOFL6+HrRgJnjTwa/RxJg

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  7eadd2a867a51a6c6c04d812eb38b5ef_JaffaCakes118
- Size
  
  189KB
- MD5
  
  7eadd2a867a51a6c6c04d812eb38b5ef
- SHA1
  
  2f0df8b35dfc9228465972d6279ffd41495743a0
- SHA256
  
  ebdac5603410d0c7a633e42d40b7798efabde9f11cd4acf7205032b8b9306dd2
- SHA512
  
  0ccee2e1bb6e5bb83c0d79613eb1d1201ebbe6c2a3e949abfe4218dc0472afb9b04ae420440a58a736163fb4838145f9a68a9e5387e48357613c44fd52a780e0
- SSDEEP
  
  3072:H20j7vYjOPNL4dq5e+HrReX6cnjTwa/N/zxJWtk0K:FvvYjOFL6+HrRgJnjTwa/RxJg
Score

10^/10

smokeloader pub1 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoortrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan