smokeloader | b7023cac03d7df44fe78ef048f56ce006e2b421a364bcf78ed08813ba45437c7 | Triage

Sharing

General

Target

JaffaCakes118_7db507c9e746c18bdf2f6d24e18068e9
Size

233KB
Sample

250107-2wtdtssnd1
MD5

7db507c9e746c18bdf2f6d24e18068e9
SHA1

97dba2e4dd7552da3646f74bd5ffd9cc662e4302
SHA256

b7023cac03d7df44fe78ef048f56ce006e2b421a364bcf78ed08813ba45437c7
SHA512

159a9b83c9a0a80b236ba7c6c000eee6887167e705401fedfcec0e1865f05c659e5410895da94260964de78926630485016b0e99578ccafb2f0f61d573f1718d
SSDEEP

3072:5GhKSUgxInv9LW4k1LF/xU+i26P5wiqCTvFb+CNf4/AWaSkSJu98vdd:lgxInv9yh/xLy5wiBt7IADG8eld

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_7db507c9e746c18bdf2f6d24e18068e9
- Size
  
  233KB
- MD5
  
  7db507c9e746c18bdf2f6d24e18068e9
- SHA1
  
  97dba2e4dd7552da3646f74bd5ffd9cc662e4302
- SHA256
  
  b7023cac03d7df44fe78ef048f56ce006e2b421a364bcf78ed08813ba45437c7
- SHA512
  
  159a9b83c9a0a80b236ba7c6c000eee6887167e705401fedfcec0e1865f05c659e5410895da94260964de78926630485016b0e99578ccafb2f0f61d573f1718d
- SSDEEP
  
  3072:5GhKSUgxInv9LW4k1LF/xU+i26P5wiqCTvFb+CNf4/AWaSkSJu98vdd:lgxInv9yh/xLy5wiBt7IADG8eld
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan