smokeloader | 7cb7acaf5b6a7ce8c4615897b1833bf506fadf4b3977bc0b9d3483765a722075 | Triage

Sharing

General

Target

JaffaCakes118_7cb7acaf5b6a7ce8c4615897b1833bf506fadf4b3977bc0b9d3483765a722075
Size

273KB
Sample

241230-wgzpeasjak
MD5

5bc2ac94201341c1b34250d5b38ff292
SHA1

544efbc65e64f8aa6e2f980a29f7a0c7f6a5d438
SHA256

7cb7acaf5b6a7ce8c4615897b1833bf506fadf4b3977bc0b9d3483765a722075
SHA512

eef8eb2349896322425322506c5dc1465fbc6f0e6b3fcc2e2d56d20d5296bd3e784c3acd7f89ef3762bba9f0e3839cf6fe45b28c5315c0f5ec0d7cf4cafa7898
SSDEEP

3072:BFvaoRjbNYyKY8HGSsD7NFRHIzxuhrCOD/cWrxpzbgqru:BNKXk739Izg5/cuzbgwu

Score

10^/10

smokeloader pub2 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Targets

- Target
  
  JaffaCakes118_7cb7acaf5b6a7ce8c4615897b1833bf506fadf4b3977bc0b9d3483765a722075
- Size
  
  273KB
- MD5
  
  5bc2ac94201341c1b34250d5b38ff292
- SHA1
  
  544efbc65e64f8aa6e2f980a29f7a0c7f6a5d438
- SHA256
  
  7cb7acaf5b6a7ce8c4615897b1833bf506fadf4b3977bc0b9d3483765a722075
- SHA512
  
  eef8eb2349896322425322506c5dc1465fbc6f0e6b3fcc2e2d56d20d5296bd3e784c3acd7f89ef3762bba9f0e3839cf6fe45b28c5315c0f5ec0d7cf4cafa7898
- SSDEEP
  
  3072:BFvaoRjbNYyKY8HGSsD7NFRHIzxuhrCOD/cWrxpzbgqru:BNKXk739Izg5/cuzbgwu
Score

10^/10

smokeloader pub2 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub2backdoordiscoverytrojan

behavioral2

smokeloaderpub2backdoordiscoverytrojan