smokeloader | 7984865f4df4f3569df5096b7a2b6bf03f070a9ef5fb6e46d3365e40e2f92a01 | Triage

Sharing

General

Target

e092c290ecbe05b96a01a8557d202191_JaffaCakes118
Size

180KB
Sample

241211-j2gm4synhq
MD5

e092c290ecbe05b96a01a8557d202191
SHA1

81ce24f7af893885025cb184de98da3bee563169
SHA256

7984865f4df4f3569df5096b7a2b6bf03f070a9ef5fb6e46d3365e40e2f92a01
SHA512

8dc9553013af612b8b5099bdeff2eaf021a2369298428460e4a349220c8db912e3a34f45eba9fbd89e9ea96f5d672d0eb9a9373b497130206bc5e3b4de963799
SSDEEP

3072:aCLfs/WwaeUQungr6RRsMEXh1FBgXNgVRq8a4ROJB0fCZA9:aCLfKl4RPLOROJB0fCi

Score

10^/10

smokeloader 0708 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

0708

Targets

- Target
  
  e092c290ecbe05b96a01a8557d202191_JaffaCakes118
- Size
  
  180KB
- MD5
  
  e092c290ecbe05b96a01a8557d202191
- SHA1
  
  81ce24f7af893885025cb184de98da3bee563169
- SHA256
  
  7984865f4df4f3569df5096b7a2b6bf03f070a9ef5fb6e46d3365e40e2f92a01
- SHA512
  
  8dc9553013af612b8b5099bdeff2eaf021a2369298428460e4a349220c8db912e3a34f45eba9fbd89e9ea96f5d672d0eb9a9373b497130206bc5e3b4de963799
- SSDEEP
  
  3072:aCLfs/WwaeUQungr6RRsMEXh1FBgXNgVRq8a4ROJB0fCZA9:aCLfKl4RPLOROJB0fCi
Score

10^/10

smokeloader 0708 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader0708backdoordiscoverytrojan

behavioral2

smokeloader0708backdoordiscoverytrojan