smokeloader | 138d79111af4f878d637e1a8dcf7dbdd46f70527eb68908ad2f977a3554031eb | Triage

Sharing

General

Target

b5de39be28a0649ef87494a658668e13_JaffaCakes118
Size

180KB
Sample

241202-anq5yszjdt
MD5

b5de39be28a0649ef87494a658668e13
SHA1

92e28e70185243da45ee2432241a58b0d4e7fda3
SHA256

138d79111af4f878d637e1a8dcf7dbdd46f70527eb68908ad2f977a3554031eb
SHA512

2065705100b75f249a6d558342b228442785c0848e027c805e7785de954d7dce93a015e4be9d1ce80a26d5e5bb22d0b4d788ee02dea22413f35a227928608e31
SSDEEP

3072:8CLfs/WwaeUQungr6RJkSI97vs0XqVRZ8a4ROb7CZA9:8CLfKl4RJehs3OROb7Ci

Score

10^/10

smokeloader 0708 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Targets

- Target
  
  b5de39be28a0649ef87494a658668e13_JaffaCakes118
- Size
  
  180KB
- MD5
  
  b5de39be28a0649ef87494a658668e13
- SHA1
  
  92e28e70185243da45ee2432241a58b0d4e7fda3
- SHA256
  
  138d79111af4f878d637e1a8dcf7dbdd46f70527eb68908ad2f977a3554031eb
- SHA512
  
  2065705100b75f249a6d558342b228442785c0848e027c805e7785de954d7dce93a015e4be9d1ce80a26d5e5bb22d0b4d788ee02dea22413f35a227928608e31
- SSDEEP
  
  3072:8CLfs/WwaeUQungr6RJkSI97vs0XqVRZ8a4ROb7CZA9:8CLfKl4RJehs3OROb7Ci
Score

10^/10

smokeloader 0708 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0708backdoordiscoverytrojan

behavioral2

smokeloader0708backdoordiscoverytrojan