smokeloader | 7b322817ab2ab0c71807e4169e41bd49954328a4f9ff10fafb16e91b9a9d1272 | Triage

Sharing

General

Target

a5a76b4bf31b1e1312c72aa0382cf64d_JaffaCakes118
Size

180KB
Sample

241127-dyvgxavkew
MD5

a5a76b4bf31b1e1312c72aa0382cf64d
SHA1

a3e9e3f2c8ddacc6ba7c818ae7533c765e06180f
SHA256

7b322817ab2ab0c71807e4169e41bd49954328a4f9ff10fafb16e91b9a9d1272
SHA512

095eaa831be7180cc3512d3a44e9752d77a5c73f01749ff381f4bccd5cc76990afd380dafb3ad2248d01f4300bc3d2eafd5098fe54a5541b1e56b33a3647f069
SSDEEP

3072:deD8VM8wtvGcZmuTDsD5N8a4ROzcLztCZA9:dBo4uAOROzcL5Ci

Score

10^/10

smokeloader 0708 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Targets

- Target
  
  a5a76b4bf31b1e1312c72aa0382cf64d_JaffaCakes118
- Size
  
  180KB
- MD5
  
  a5a76b4bf31b1e1312c72aa0382cf64d
- SHA1
  
  a3e9e3f2c8ddacc6ba7c818ae7533c765e06180f
- SHA256
  
  7b322817ab2ab0c71807e4169e41bd49954328a4f9ff10fafb16e91b9a9d1272
- SHA512
  
  095eaa831be7180cc3512d3a44e9752d77a5c73f01749ff381f4bccd5cc76990afd380dafb3ad2248d01f4300bc3d2eafd5098fe54a5541b1e56b33a3647f069
- SSDEEP
  
  3072:deD8VM8wtvGcZmuTDsD5N8a4ROzcLztCZA9:dBo4uAOROzcL5Ci
Score

10^/10

smokeloader 0708 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0708backdoordiscoverytrojan

behavioral2

smokeloader0708backdoordiscoverytrojan