smokeloader | d1672b2acf45bb63f76e3567e94e618c5ac55b286218f213578bee57589711a9 | Triage

Sharing

General

Target

95334393284a182c79c0f413ba0e747f_JaffaCakes118
Size

240KB
Sample

241124-rk197azkhj
MD5

95334393284a182c79c0f413ba0e747f
SHA1

7fc700da6ebac410d3d714bb8416a49c7bba71e8
SHA256

d1672b2acf45bb63f76e3567e94e618c5ac55b286218f213578bee57589711a9
SHA512

6a6d178b2b48f8c5831a3ae436395c660ec5528715fb869c29db341dfe0ec62733e253f497250fe1ce3f4cde4905fe006edf6e7d3999d09384775059adc1d376
SSDEEP

3072:VIb59qNB+YKra4utPTs/f0alO7yEVMaBBoIdQWutPrr511TmdR:V6PhYKrTgTs/sRBoIdQW4m

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  95334393284a182c79c0f413ba0e747f_JaffaCakes118
- Size
  
  240KB
- MD5
  
  95334393284a182c79c0f413ba0e747f
- SHA1
  
  7fc700da6ebac410d3d714bb8416a49c7bba71e8
- SHA256
  
  d1672b2acf45bb63f76e3567e94e618c5ac55b286218f213578bee57589711a9
- SHA512
  
  6a6d178b2b48f8c5831a3ae436395c660ec5528715fb869c29db341dfe0ec62733e253f497250fe1ce3f4cde4905fe006edf6e7d3999d09384775059adc1d376
- SSDEEP
  
  3072:VIb59qNB+YKra4utPTs/f0alO7yEVMaBBoIdQWutPrr511TmdR:V6PhYKrTgTs/sRBoIdQW4m
Score

10^/10

smokeloader pub2 backdoor trojan discovery
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoortrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan