smokeloader | 59bc3ce90bcac4983793814b9cbed8aa7a27ffc0d3e6a6ed98bd3c356972f5b1 | Triage

Sharing

General

Target

8770632cef85fe456d7e233632d4fddb_JaffaCakes118
Size

240KB
Sample

241102-yrlawatfkh
MD5

8770632cef85fe456d7e233632d4fddb
SHA1

0ba6a49a2c93bb42c575b9024d83d566c03ddaa1
SHA256

59bc3ce90bcac4983793814b9cbed8aa7a27ffc0d3e6a6ed98bd3c356972f5b1
SHA512

6ce460385d79e83673a140f13a36b9dc60ee23df637a74d426edc29a587c97c7bab2fec97409628058a2cec482969a1b5f2d727cfef4a33c4d1861a646c76e82
SSDEEP

3072:hLusi8yhaN3oHIQToCO30w0al77y+Y51225RQjFAtUfOf7UGM0O4/0LC6DQt:h6/oN4HtNO30gU225JWfkryu0Q

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  8770632cef85fe456d7e233632d4fddb_JaffaCakes118
- Size
  
  240KB
- MD5
  
  8770632cef85fe456d7e233632d4fddb
- SHA1
  
  0ba6a49a2c93bb42c575b9024d83d566c03ddaa1
- SHA256
  
  59bc3ce90bcac4983793814b9cbed8aa7a27ffc0d3e6a6ed98bd3c356972f5b1
- SHA512
  
  6ce460385d79e83673a140f13a36b9dc60ee23df637a74d426edc29a587c97c7bab2fec97409628058a2cec482969a1b5f2d727cfef4a33c4d1861a646c76e82
- SSDEEP
  
  3072:hLusi8yhaN3oHIQToCO30w0al77y+Y51225RQjFAtUfOf7UGM0O4/0LC6DQt:h6/oN4HtNO30gU225JWfkryu0Q
Score

10^/10

smokeloader pub3 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoortrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan