smokeloader | 46acacf187e8a69d513f46bf38d1bd9844a1f1ca682086306177129d306c50e3 | Triage

Sharing

General

Target

7fda3da488e34a0fe185f81192cc2c3b_JaffaCakes118
Size

179KB
Sample

241030-tgjl3syjfn
MD5

7fda3da488e34a0fe185f81192cc2c3b
SHA1

86e1a736361a4a18ac6c1fbd4ed8ffd8515f5575
SHA256

46acacf187e8a69d513f46bf38d1bd9844a1f1ca682086306177129d306c50e3
SHA512

6f247673c8cdff3580fb5392610ef41fb8162f9672d955088a7aded6a1047ae5650c3b12c24fb03917c15d01d0b6cc76c1967b73df6713c8e996c1e845b9fd56
SSDEEP

3072:BlLW0ZKW8uxrQangrjNMNEslHfG6wA4wzf4XRW8a4ROftL5CZA9:BlLW6qW8NMJawzjOROftdCi

Score

10^/10

smokeloader 0708 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Targets

- Target
  
  7fda3da488e34a0fe185f81192cc2c3b_JaffaCakes118
- Size
  
  179KB
- MD5
  
  7fda3da488e34a0fe185f81192cc2c3b
- SHA1
  
  86e1a736361a4a18ac6c1fbd4ed8ffd8515f5575
- SHA256
  
  46acacf187e8a69d513f46bf38d1bd9844a1f1ca682086306177129d306c50e3
- SHA512
  
  6f247673c8cdff3580fb5392610ef41fb8162f9672d955088a7aded6a1047ae5650c3b12c24fb03917c15d01d0b6cc76c1967b73df6713c8e996c1e845b9fd56
- SSDEEP
  
  3072:BlLW0ZKW8uxrQangrjNMNEslHfG6wA4wzf4XRW8a4ROftL5CZA9:BlLW6qW8NMJawzjOROftdCi
Score

10^/10

smokeloader 0708 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0708backdoordiscoverytrojan

behavioral2

smokeloader0708backdoordiscoverytrojan