smokeloader | 14c3fc7535fda0ea97a7258e8e43641d52990cb8882ae14ed57603bbc9420ff2 | Triage

Sharing

General

Target

JaffaCakes118_63adc220cd32e95bfc8609a05ea11646
Size

233KB
Sample

250107-p1jnza1ray
MD5

63adc220cd32e95bfc8609a05ea11646
SHA1

09590a5be498bb41cd5682f5aa55a14f1a412b7b
SHA256

14c3fc7535fda0ea97a7258e8e43641d52990cb8882ae14ed57603bbc9420ff2
SHA512

a9539a60f466dde012a5756bd8a791580de6b0adf9e20881dfcf55d50ec54b02ed76f46ee35883c3512c7a44a4f8e2dd33360b3dbe1ba8a581d3352844120252
SSDEEP

3072:yGhSioUSwfDB8i68OooHsNIHJP5gi0jUT9F+CNf4/AWaSkSJu98vdh:mUSwfDB88OooH4It5giTIADG8elh

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_63adc220cd32e95bfc8609a05ea11646
- Size
  
  233KB
- MD5
  
  63adc220cd32e95bfc8609a05ea11646
- SHA1
  
  09590a5be498bb41cd5682f5aa55a14f1a412b7b
- SHA256
  
  14c3fc7535fda0ea97a7258e8e43641d52990cb8882ae14ed57603bbc9420ff2
- SHA512
  
  a9539a60f466dde012a5756bd8a791580de6b0adf9e20881dfcf55d50ec54b02ed76f46ee35883c3512c7a44a4f8e2dd33360b3dbe1ba8a581d3352844120252
- SSDEEP
  
  3072:yGhSioUSwfDB8i68OooHsNIHJP5gi0jUT9F+CNf4/AWaSkSJu98vdh:mUSwfDB88OooH4It5giTIADG8elh
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan