smokeloader | fa7483411df6daa9d8d2a295d34f70fda480cba9c50a42ac23bdcfcc12bb8dc5 | Triage

Sharing

General

Target

abf3f27bd68b82d25bd45a1791f92f0a_JaffaCakes118
Size

180KB
Sample

241128-l6caastqbt
MD5

abf3f27bd68b82d25bd45a1791f92f0a
SHA1

52566f22c8d7f0df9eb15fe9d213b2c95174b440
SHA256

fa7483411df6daa9d8d2a295d34f70fda480cba9c50a42ac23bdcfcc12bb8dc5
SHA512

d7b3535f6e06036b431de34f8ead9adff9fbfb458c2fa3fbfd6b4625b5e3d7096513bc96f5975bdeb90e65952f3abd8142bfdbc01749f4ac8b341e6f99c1dbd4
SSDEEP

3072:4CLfs/WwaeUQungr6RMwwdlDrNrRNEVR08a4ROjMCCZA9:4CLfKl4RIlZrXOROjMCCi

Score

10^/10

smokeloader 0708 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Targets

- Target
  
  abf3f27bd68b82d25bd45a1791f92f0a_JaffaCakes118
- Size
  
  180KB
- MD5
  
  abf3f27bd68b82d25bd45a1791f92f0a
- SHA1
  
  52566f22c8d7f0df9eb15fe9d213b2c95174b440
- SHA256
  
  fa7483411df6daa9d8d2a295d34f70fda480cba9c50a42ac23bdcfcc12bb8dc5
- SHA512
  
  d7b3535f6e06036b431de34f8ead9adff9fbfb458c2fa3fbfd6b4625b5e3d7096513bc96f5975bdeb90e65952f3abd8142bfdbc01749f4ac8b341e6f99c1dbd4
- SSDEEP
  
  3072:4CLfs/WwaeUQungr6RMwwdlDrNrRNEVR08a4ROjMCCZA9:4CLfKl4RIlZrXOROjMCCi
Score

10^/10

smokeloader 0708 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0708backdoordiscoverytrojan

behavioral2

smokeloader0708backdoordiscoverytrojan