smokeloader | cf6038ba1a20b442716b27bfe818e184c6c1b7f431624175242933d27582c7ae | Triage

Sharing

General

Target

JaffaCakes118_b910a228aa3b4cbc9d98beafc6627bd6
Size

311KB
Sample

250105-x18bbsvrfl
MD5

b910a228aa3b4cbc9d98beafc6627bd6
SHA1

cf20b00b7598294ccbef45498fec745949cf9c20
SHA256

cf6038ba1a20b442716b27bfe818e184c6c1b7f431624175242933d27582c7ae
SHA512

7f4023d3b431b6850c0aecdaa99e58a20c8114636567c9b59181c780c4061193fc208f5c2c4f128e9d1f4a83ccb29b12cc509c082cb2a52b8986e4909376c54b
SSDEEP

3072:UQrpI4Ly7NjR6jqXAH8oZeJCtCQp877yBv4XJhlpot1x8TIXA0CqBN/58cE40ysg:5oAHz05ceWv4ZhlpK1ekQ0CqBR5J0Hg

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_b910a228aa3b4cbc9d98beafc6627bd6
- Size
  
  311KB
- MD5
  
  b910a228aa3b4cbc9d98beafc6627bd6
- SHA1
  
  cf20b00b7598294ccbef45498fec745949cf9c20
- SHA256
  
  cf6038ba1a20b442716b27bfe818e184c6c1b7f431624175242933d27582c7ae
- SHA512
  
  7f4023d3b431b6850c0aecdaa99e58a20c8114636567c9b59181c780c4061193fc208f5c2c4f128e9d1f4a83ccb29b12cc509c082cb2a52b8986e4909376c54b
- SSDEEP
  
  3072:UQrpI4Ly7NjR6jqXAH8oZeJCtCQp877yBv4XJhlpot1x8TIXA0CqBN/58cE40ysg:5oAHz05ceWv4ZhlpK1ekQ0CqBR5J0Hg
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan