smokeloader | aff508257ad24967d213b16ddaf1f236696c5da5484d6877289aed85a49cc202 | Triage

Sharing

General

Target

JaffaCakes118_2fe51b61b8c5fdc4ce28babfb9b86547
Size

344KB
Sample

250106-vpll3stqhr
MD5

2fe51b61b8c5fdc4ce28babfb9b86547
SHA1

74bcfdb89ac5edf0b3826ab14872e9e23299575c
SHA256

aff508257ad24967d213b16ddaf1f236696c5da5484d6877289aed85a49cc202
SHA512

df9c5cd11b10542801762999698f2ef592ef50db15923a726dc5f63e1a0663502b06a8a0626bddc9034d70a982518710450e1799231f9c4f1bb17a8882206c65
SSDEEP

6144:8x/bN3nD7DOhsPKlma2cHDjBG9V7a5nX+Da+1f0NGqqFLf2z1kBZ+i:8ttD7D7Klma2cpWdKnuDa+1M6FLOzs/

Score

10^/10

smokeloader pub3 backdoor discovery trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

- Target
  
  JaffaCakes118_2fe51b61b8c5fdc4ce28babfb9b86547
- Size
  
  344KB
- MD5
  
  2fe51b61b8c5fdc4ce28babfb9b86547
- SHA1
  
  74bcfdb89ac5edf0b3826ab14872e9e23299575c
- SHA256
  
  aff508257ad24967d213b16ddaf1f236696c5da5484d6877289aed85a49cc202
- SHA512
  
  df9c5cd11b10542801762999698f2ef592ef50db15923a726dc5f63e1a0663502b06a8a0626bddc9034d70a982518710450e1799231f9c4f1bb17a8882206c65
- SSDEEP
  
  6144:8x/bN3nD7DOhsPKlma2cHDjBG9V7a5nX+Da+1f0NGqqFLf2z1kBZ+i:8ttD7D7Klma2cpWdKnuDa+1M6FLOzs/
Score

10^/10

smokeloader pub3 backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub3backdoordiscoverytrojan

behavioral2

smokeloaderpub3backdoordiscoverytrojan