smokeloader | ed36a18f072ff11c1aaa166d51a056805456fb9b83f9d0363802dca8d7379ec5 | Triage

Sharing

General

Target

JaffaCakes118_ed36a18f072ff11c1aaa166d51a056805456fb9b83f9d0363802dca8d7379ec5
Size

298KB
Sample

241225-p75vsatlas
MD5

b2daf233f828131b14657f30de5995fe
SHA1

b85b6c91ff82602266da46280aa3783f4f92d806
SHA256

ed36a18f072ff11c1aaa166d51a056805456fb9b83f9d0363802dca8d7379ec5
SHA512

34ece7177cf96af17c8ccd057b4790b589ab17f577b1aeb2aa73aa33441841c23f2b80e3ad88d5b2a508cd5cde473fd69347699e1f424f7ccb38ffbf7c31c0bd
SSDEEP

6144:A1eRzh6V6MReKuuzbgwuyr7ITsqHvYnaW:EGzh6VjIvunnP7aYna

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  JaffaCakes118_ed36a18f072ff11c1aaa166d51a056805456fb9b83f9d0363802dca8d7379ec5
- Size
  
  298KB
- MD5
  
  b2daf233f828131b14657f30de5995fe
- SHA1
  
  b85b6c91ff82602266da46280aa3783f4f92d806
- SHA256
  
  ed36a18f072ff11c1aaa166d51a056805456fb9b83f9d0363802dca8d7379ec5
- SHA512
  
  34ece7177cf96af17c8ccd057b4790b589ab17f577b1aeb2aa73aa33441841c23f2b80e3ad88d5b2a508cd5cde473fd69347699e1f424f7ccb38ffbf7c31c0bd
- SSDEEP
  
  6144:A1eRzh6V6MReKuuzbgwuyr7ITsqHvYnaW:EGzh6VjIvunnP7aYna
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan