smokeloader | 7135fb45ee4632410fdb23ea8130a291af8a8997d9e89924857a0f7d83502a40 | Triage

Sharing

General

Target

JaffaCakes118_7135fb45ee4632410fdb23ea8130a291af8a8997d9e89924857a0f7d83502a40
Size

278KB
Sample

241225-ewl87axraj
MD5

2b9adf531d59a26273a8988b0dc253ec
SHA1

fd34673bbcb30538e29082ebc0dca3f7c68ad52e
SHA256

7135fb45ee4632410fdb23ea8130a291af8a8997d9e89924857a0f7d83502a40
SHA512

dfd5d5886118f5fcd71c3e00e671b2bbc72514c52685937afb11fc4547d39d6308fc301b3bfb1714d4556c4929a106ba1731e62ebe3f01fa2de24b0d1d721721
SSDEEP

3072:AwxU7TGZ+njato4z+eqEMUpK8NB+2hXhrJcXWrxpzbgqru:AwxU7D4bnNBLhwXuzbgwu

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  JaffaCakes118_7135fb45ee4632410fdb23ea8130a291af8a8997d9e89924857a0f7d83502a40
- Size
  
  278KB
- MD5
  
  2b9adf531d59a26273a8988b0dc253ec
- SHA1
  
  fd34673bbcb30538e29082ebc0dca3f7c68ad52e
- SHA256
  
  7135fb45ee4632410fdb23ea8130a291af8a8997d9e89924857a0f7d83502a40
- SHA512
  
  dfd5d5886118f5fcd71c3e00e671b2bbc72514c52685937afb11fc4547d39d6308fc301b3bfb1714d4556c4929a106ba1731e62ebe3f01fa2de24b0d1d721721
- SSDEEP
  
  3072:AwxU7TGZ+njato4z+eqEMUpK8NB+2hXhrJcXWrxpzbgqru:AwxU7D4bnNBLhwXuzbgwu
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan