smokeloader | f4f2bf4ddc04ff27514e0ebe8937fc896219f82b24bebb41c1965888986aa89b | Triage

Sharing

General

Target

JaffaCakes118_f4f2bf4ddc04ff27514e0ebe8937fc896219f82b24bebb41c1965888986aa89b
Size

120KB
Sample

241226-3dendsvlhl
MD5

68a9bac9164486d0d4cb0a76d6e6e607
SHA1

824abd51ea52937e41e086f5737acbf9ad3ae180
SHA256

f4f2bf4ddc04ff27514e0ebe8937fc896219f82b24bebb41c1965888986aa89b
SHA512

e6177f570da32bf9e1bb83244e96babff19c9bf1536d51a3ef9a3d95c04c62947462bacdfff2b8e4a1858ce8ff5a47d1a794b9f3981e1504bf8469d78bd8d211
SSDEEP

3072:OoHDd4x5WifKjRDA1MvtslNsRfcIz3rRwYdOIi:Oqp4x5JCjFA1MyNsRfcI7VwYhi

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  09feed1234e29f79b739aa6863b7a62376b8c912ea19b6a340186e11b1388ec9
- Size
  
  278KB
- MD5
  
  e399393e7f44822e6064e45a6dd7a8df
- SHA1
  
  aed6ef79c065852ae0cabc68f0f0dee43aca377a
- SHA256
  
  09feed1234e29f79b739aa6863b7a62376b8c912ea19b6a340186e11b1388ec9
- SHA512
  
  6ae41f393884ad1bbffad673ff6eff7be494b426c8b2c87bb1119eacf54045fae8a09ad2581a2dd3d347ca9f1c5c2025625e4ede0d8bc000bdea8ac3cae3e2a5
- SSDEEP
  
  3072:xmEf9DU9XymGoXFKSkbho56NJgSWOrDX3AlYulM1Wrxpzbgqru:xXlDU1LKzbh0NSWSDAlY1uzbgwu
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan