smokeloader | d1672b2acf45bb63f76e3567e94e618c5ac55b286218f213578bee57589711a9 | Triage

Analysis

max time kernel
15s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24/11/2024, 14:15

Sharing

Report Analysis Logs

General

Target

95334393284a182c79c0f413ba0e747f_JaffaCakes118.exe
Size

240KB
MD5

95334393284a182c79c0f413ba0e747f
SHA1

7fc700da6ebac410d3d714bb8416a49c7bba71e8
SHA256

d1672b2acf45bb63f76e3567e94e618c5ac55b286218f213578bee57589711a9
SHA512

6a6d178b2b48f8c5831a3ae436395c660ec5528715fb869c29db341dfe0ec62733e253f497250fe1ce3f4cde4905fe006edf6e7d3999d09384775059adc1d376
SSDEEP

3072:VIb59qNB+YKra4utPTs/f0alO7yEVMaBBoIdQWutPrr511TmdR:V6PhYKrTgTs/sRBoIdQW4m

Score

10^/10

smokeloader pub2 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Smokeloader family
smokeloader

C:\Users\Admin\AppData\Local\Temp\95334393284a182c79c0f413ba0e747f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\95334393284a182c79c0f413ba0e747f_JaffaCakes118.exe"
1⤵
PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2600-1-0x00000000009F0000-0x0000000000AF0000-memory.dmp

Filesize
1024KB

Download
memory/2600-3-0x0000000000400000-0x000000000086C000-memory.dmp

Filesize
4.4MB

Download
memory/2600-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2600-4-0x0000000000400000-0x000000000086C000-memory.dmp

Filesize
4.4MB

Download
memory/2600-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download