smokeloader | 151cd59f8436587bec1f40785d6148d7d3e32807a451ff258001dbe7682c215c | Triage

Sharing

General

Target

JaffaCakes118_151cd59f8436587bec1f40785d6148d7d3e32807a451ff258001dbe7682c215c
Size

119KB
Sample

241225-feqeysymdq
MD5

164cde8761226174ac41c0fadb880778
SHA1

e48ab9c8f22f6aab3ed57a90f32cec37effdb0bf
SHA256

151cd59f8436587bec1f40785d6148d7d3e32807a451ff258001dbe7682c215c
SHA512

00a4d5c3c8bf6ada7273f2b889a6036ff3ce44b12c2d90f4cd4aa93b73e247de8385d57139ad22b6b62c7aab14046bcd8d0d4f385268a63672d4f58861c1b683
SSDEEP

3072:tN5Om4FVOT5C7Ot8u9GAScXcGDjzhMdpM+eB:t/F4+FhtZScXcGThgU

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  a218d406d0fa9f6a7dd2fbd924d1fd318851c7f7257771d21965ab0d0de65543
- Size
  
  277KB
- MD5
  
  3ce445fd600538b9abd485582e78131f
- SHA1
  
  6fc5c8e21c77fcb8b1282e873816b6d89573d2a7
- SHA256
  
  a218d406d0fa9f6a7dd2fbd924d1fd318851c7f7257771d21965ab0d0de65543
- SHA512
  
  f9bb3a7ff6cb8dbb39b7b08bfe96084f4bc9686e7279ec8389b1638696c3073be301f66cc658d6f61b20b7421e8be54e0451681950487a4deeaaaf6a9eb92b52
- SSDEEP
  
  3072:qDkSmYW6Xu6V1K9l4Jgy7NuhOsNojuDEq0zxuP3Wrxpzbgqru:qoZbs1mjmeNZ0K3uzbgwu
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan