smokeloader | 36a6f4781d52120c705959359957957ff713df14093ebcb3084ca20db40eaaeb | Triage

Sharing

General

Target

JaffaCakes118_7a3e9ae2c054c2f7e8e73cb31afcece8
Size

301KB
Sample

250104-r1fneswlem
MD5

7a3e9ae2c054c2f7e8e73cb31afcece8
SHA1

b591549262c6bf635399b88a53065a3735c16450
SHA256

36a6f4781d52120c705959359957957ff713df14093ebcb3084ca20db40eaaeb
SHA512

e074e57456f760c0de0645520232764cd4154460f275567e36a90c66e1707699d54a325fa5448842021d0008e601e4e87564437498860bc29735236b106bc02c
SSDEEP

3072:omFSv0+rTSlRJlDjEKqAvPPtzGDgDb2Gk3cvzDlIVZ+HJrU8ZxtQoSznijhnlhI5:cSl391Dvt68Db2rQz+z+HuosoAwhIa

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  JaffaCakes118_7a3e9ae2c054c2f7e8e73cb31afcece8
- Size
  
  301KB
- MD5
  
  7a3e9ae2c054c2f7e8e73cb31afcece8
- SHA1
  
  b591549262c6bf635399b88a53065a3735c16450
- SHA256
  
  36a6f4781d52120c705959359957957ff713df14093ebcb3084ca20db40eaaeb
- SHA512
  
  e074e57456f760c0de0645520232764cd4154460f275567e36a90c66e1707699d54a325fa5448842021d0008e601e4e87564437498860bc29735236b106bc02c
- SSDEEP
  
  3072:omFSv0+rTSlRJlDjEKqAvPPtzGDgDb2Gk3cvzDlIVZ+HJrU8ZxtQoSznijhnlhI5:cSl391Dvt68Db2rQz+z+HuosoAwhIa
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan