smokeloader | 997499f31dad747c5fb8258b729752c920af63fba6d0f1bd219a8300c3c23feb | Triage

Sharing

General

Target

b8e04f3b9b2d02a74160b5caf3d97920_JaffaCakes118
Size

180KB
Sample

241202-ssy1gavpap
MD5

b8e04f3b9b2d02a74160b5caf3d97920
SHA1

a2f3e098063f88753b67757a604d3e7ad488011b
SHA256

997499f31dad747c5fb8258b729752c920af63fba6d0f1bd219a8300c3c23feb
SHA512

a6729a7200dfeed2ca3ea4a3405238d6cf252f796ddef9872d74e69ad555b0fe48dff0c2d73c779d0b802416ece6af25ee4e808eaa675ed5728dac2d0f75f97c
SSDEEP

3072:SSLtqYgNpY33ngrcbPN63otSTCCB6RD8a4ROj4CZA9:SSLaz4bl63s8AORO8Ci

Score

10^/10

smokeloader 0708 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Targets

- Target
  
  b8e04f3b9b2d02a74160b5caf3d97920_JaffaCakes118
- Size
  
  180KB
- MD5
  
  b8e04f3b9b2d02a74160b5caf3d97920
- SHA1
  
  a2f3e098063f88753b67757a604d3e7ad488011b
- SHA256
  
  997499f31dad747c5fb8258b729752c920af63fba6d0f1bd219a8300c3c23feb
- SHA512
  
  a6729a7200dfeed2ca3ea4a3405238d6cf252f796ddef9872d74e69ad555b0fe48dff0c2d73c779d0b802416ece6af25ee4e808eaa675ed5728dac2d0f75f97c
- SSDEEP
  
  3072:SSLtqYgNpY33ngrcbPN63otSTCCB6RD8a4ROj4CZA9:SSLaz4bl63s8AORO8Ci
Score

10^/10

smokeloader 0708 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0708backdoordiscoverytrojan

behavioral2

smokeloader0708backdoordiscoverytrojan