smokeloader | 1a39988ef93cd65aee96f82f996ff9e6003f537591b02f4dc5eccb0936d406db | Triage

Sharing

General

Target

JaffaCakes118_1a39988ef93cd65aee96f82f996ff9e6003f537591b02f4dc5eccb0936d406db
Size

128KB
Sample

241230-3tgspaxmhw
MD5

9e6d7979bd12d955410d28fe30b6b98f
SHA1

da4c1aad2b5d7cd477c090f41026cae825b3ec69
SHA256

1a39988ef93cd65aee96f82f996ff9e6003f537591b02f4dc5eccb0936d406db
SHA512

f696e925d6bb3d4eee8812da2d959c9118b8c509733dfdc1315427b590e3a01ddff2ad404f2cafdb7ffda09078cac346afb9517459aaba190bd9de4758204bd1
SSDEEP

3072:Hx5hXlQemv+Vujxwjb5ljnyBtT3HdnkJSlC3WpdE8EfS3:HVmYujxSFyBt3q8

Score

10^/10

smokeloader pub1 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  0980163cb72bdf530048c50d87a8fb18833df76805d652fbb1813fa1ceb990f4
- Size
  
  293KB
- MD5
  
  bec47ba0d740c723ba42323ef48af294
- SHA1
  
  2ee8c98a344fc0efc6d6113537c92c0ed500ff71
- SHA256
  
  0980163cb72bdf530048c50d87a8fb18833df76805d652fbb1813fa1ceb990f4
- SHA512
  
  af26b7938cb6eb039406cb350bf5d8bd591b8ec62077a8ecc11e9ef8c10290f2bd4d3368dc0a5873141a1487f1f7f09957ebc709df568da69800f36144eca6f2
- SSDEEP
  
  3072:7VVkLJ9kB9Qgph4olhyBPLb4ZoDD8E7YIIwOWrxpzbgqruJnfed:hVkLJGQglkD0ZoRUIIhuzbgwuJG
Score

10^/10

smokeloader pub1 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub1backdoordiscoverytrojan

behavioral2

smokeloaderpub1backdoordiscoverytrojan