smokeloader | 60a5fe219d6e7aa920bd6684f7e34e4fb16ae3cc38e89f053e98aa7936ab91b8 | Triage

Sharing

General

Target

98c6d84ba1f1a2e26bd3099f08226f09_JaffaCakes118
Size

206KB
Sample

241125-ddsgtazqgn
MD5

98c6d84ba1f1a2e26bd3099f08226f09
SHA1

35ca7664747c11abf4aeff57fa78ad5bdf503df0
SHA256

60a5fe219d6e7aa920bd6684f7e34e4fb16ae3cc38e89f053e98aa7936ab91b8
SHA512

c790899e34e87f75db2c991ce76c6f3522d59cfe3dbdffdb2fb03ef17ac048ec09e9bca76ba51a03d47e2d3f84247bdf0db4c8bb2a4e1add80abb7c162156a8c
SSDEEP

3072:ywAEjyMmef9Uey6AotGDtZnDHlCJmbQ53tDq68ScsYh6gSVywo3c+:nocFAoQDtdQ9q6v7knGyHM

Score

10^/10

smokeloader 0708 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Targets

- Target
  
  98c6d84ba1f1a2e26bd3099f08226f09_JaffaCakes118
- Size
  
  206KB
- MD5
  
  98c6d84ba1f1a2e26bd3099f08226f09
- SHA1
  
  35ca7664747c11abf4aeff57fa78ad5bdf503df0
- SHA256
  
  60a5fe219d6e7aa920bd6684f7e34e4fb16ae3cc38e89f053e98aa7936ab91b8
- SHA512
  
  c790899e34e87f75db2c991ce76c6f3522d59cfe3dbdffdb2fb03ef17ac048ec09e9bca76ba51a03d47e2d3f84247bdf0db4c8bb2a4e1add80abb7c162156a8c
- SSDEEP
  
  3072:ywAEjyMmef9Uey6AotGDtZnDHlCJmbQ53tDq68ScsYh6gSVywo3c+:nocFAoQDtdQ9q6v7knGyHM
Score

10^/10

smokeloader 0708 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0708backdoordiscoverytrojan

behavioral2

smokeloader0708backdoordiscoverytrojan