smokeloader | 9f0d82814ddf9e5260a6d9cea55b74ddeed7dfb35b2e8fa6ff876b3fea2820f2 | Triage

Sharing

General

Target

8d4f8bfb28aed1eedf7e7a2bce022966_JaffaCakes118
Size

312KB
Sample

241103-y3gf3asncv
MD5

8d4f8bfb28aed1eedf7e7a2bce022966
SHA1

febdf7f828235c5a274aeb22dea8f2ead55bd87a
SHA256

9f0d82814ddf9e5260a6d9cea55b74ddeed7dfb35b2e8fa6ff876b3fea2820f2
SHA512

09edf4dfbbc168cfd3a1d3f51b8d86c6526bbb27fc8005a79c7c5856bb7c7bbe0fdcd2698e036490fd644c94afc32c2dfe8267ec89eca02ef0ef84d9f7b1819e
SSDEEP

6144:00gzlx/rNAjs2SOzs8PI5HNIKwoMT4Kx7lWt3Uq840:Wzl9qjs2SOhPI5HLnClWx+40

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  8d4f8bfb28aed1eedf7e7a2bce022966_JaffaCakes118
- Size
  
  312KB
- MD5
  
  8d4f8bfb28aed1eedf7e7a2bce022966
- SHA1
  
  febdf7f828235c5a274aeb22dea8f2ead55bd87a
- SHA256
  
  9f0d82814ddf9e5260a6d9cea55b74ddeed7dfb35b2e8fa6ff876b3fea2820f2
- SHA512
  
  09edf4dfbbc168cfd3a1d3f51b8d86c6526bbb27fc8005a79c7c5856bb7c7bbe0fdcd2698e036490fd644c94afc32c2dfe8267ec89eca02ef0ef84d9f7b1819e
- SSDEEP
  
  6144:00gzlx/rNAjs2SOzs8PI5HNIKwoMT4Kx7lWt3Uq840:Wzl9qjs2SOhPI5HLnClWx+40
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan