smokeloader | 4958d08fea2f261b0d2208047191e970454f48d951da411a9f665f105e298e93 | Triage

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 15:55

Sharing

Report Analysis Logs

General

Target

95b48163ecdd235bd00dc5c61615fd42_JaffaCakes118.exe
Size

222KB
MD5

95b48163ecdd235bd00dc5c61615fd42
SHA1

7e437bb6a8426ddb3528f0ac338eb122e454b0a6
SHA256

4958d08fea2f261b0d2208047191e970454f48d951da411a9f665f105e298e93
SHA512

4d5b53179049d29f682444d0b975aa2fa984542d781147b294db89953bdb1e155f89e64981fc636dbba0b1ffdd559271eb4fef82f832f74601cea905c7ed474c
SSDEEP

3072:KziGywkyO480kkY0VeezllTL9UyXQO5217YWnWnCNeoBlUxQeb:Acl480A0MGTKaWWCIwuQ

Score

10^/10

smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Signatures

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Smokeloader family
smokeloader

C:\Users\Admin\AppData\Local\Temp\95b48163ecdd235bd00dc5c61615fd42_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\95b48163ecdd235bd00dc5c61615fd42_JaffaCakes118.exe"
1⤵
PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2588-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2588-2-0x0000000002CF0000-0x0000000002DF0000-memory.dmp

Filesize
1024KB

Download
memory/2588-1-0x0000000000400000-0x0000000002C6D000-memory.dmp

Filesize
40.4MB

Download
memory/2588-4-0x0000000000400000-0x0000000002C6D000-memory.dmp

Filesize
40.4MB

Download