smokeloader | cfc34e5f72f2f5960b55cdf15d303a4a3b1922779743587d81c7de00af23f2c0 | Triage

Sharing

General

Target

b19ea68941ac6a60f6a2d98fa80c022c_JaffaCakes118
Size

181KB
Sample

241129-q2am5aylby
MD5

b19ea68941ac6a60f6a2d98fa80c022c
SHA1

e1e3166abb974f8f1194005e46f73c2eb4218ead
SHA256

cfc34e5f72f2f5960b55cdf15d303a4a3b1922779743587d81c7de00af23f2c0
SHA512

a52cbf0539df5706b286f878d328dc02e1a2111c112b77be027e6d8a6d8fadea47373484c8e7c33b64ee9a2280dd225a4c91de620f63a904a064d89e6d08d644
SSDEEP

3072:vvLNYWCYxeQLugb9MUcG2Hjn1c8b6R18a4ROTR/CZAQ:vvLA4TuuWHjaWSORON/Ci

Score

10^/10

smokeloader 0708 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Targets

- Target
  
  b19ea68941ac6a60f6a2d98fa80c022c_JaffaCakes118
- Size
  
  181KB
- MD5
  
  b19ea68941ac6a60f6a2d98fa80c022c
- SHA1
  
  e1e3166abb974f8f1194005e46f73c2eb4218ead
- SHA256
  
  cfc34e5f72f2f5960b55cdf15d303a4a3b1922779743587d81c7de00af23f2c0
- SHA512
  
  a52cbf0539df5706b286f878d328dc02e1a2111c112b77be027e6d8a6d8fadea47373484c8e7c33b64ee9a2280dd225a4c91de620f63a904a064d89e6d08d644
- SSDEEP
  
  3072:vvLNYWCYxeQLugb9MUcG2Hjn1c8b6R18a4ROTR/CZAQ:vvLA4TuuWHjaWSORON/Ci
Score

10^/10

smokeloader 0708 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0708backdoordiscoverytrojan

behavioral2

smokeloader0708backdoordiscoverytrojan