smokeloader | 8951fe27c483cdf876cb6c82a97f707bebd4945406498a8f2301cbc31c5d25b5 | Triage

Sharing

General

Target

ce074be2d268034d838fd2a607941873_JaffaCakes118
Size

128KB
Sample

241206-t8mg2sxkcx
MD5

ce074be2d268034d838fd2a607941873
SHA1

2cfa9a5fd514dbe3080ebe067df0a3d4d4875ff4
SHA256

8951fe27c483cdf876cb6c82a97f707bebd4945406498a8f2301cbc31c5d25b5
SHA512

68c6cfe2b789e7fee7c6aeaa2425e8fb502bcb7e4e0030fdad13ee0e79d299a4a0451bc2933124c55c4f81cd7dad7ab6a826e10c3e1c25f917eb9afe24d17c7e
SSDEEP

3072:p5qyy+GbVOoGaNB0dpS/kuqfPxBzvcrzO:pUBsYB0pcqfJBwO

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  ce074be2d268034d838fd2a607941873_JaffaCakes118
- Size
  
  128KB
- MD5
  
  ce074be2d268034d838fd2a607941873
- SHA1
  
  2cfa9a5fd514dbe3080ebe067df0a3d4d4875ff4
- SHA256
  
  8951fe27c483cdf876cb6c82a97f707bebd4945406498a8f2301cbc31c5d25b5
- SHA512
  
  68c6cfe2b789e7fee7c6aeaa2425e8fb502bcb7e4e0030fdad13ee0e79d299a4a0451bc2933124c55c4f81cd7dad7ab6a826e10c3e1c25f917eb9afe24d17c7e
- SSDEEP
  
  3072:p5qyy+GbVOoGaNB0dpS/kuqfPxBzvcrzO:pUBsYB0pcqfJBwO
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan