smokeloader | e84ebd84af1c86624de0f0bdfad7308295d3237ade2622f875baaf8b98b65fbb | Triage

Sharing

General

Target

JaffaCakes118_d2f381cd3baa48edd82f87d48a1cb0fa
Size

233KB
Sample

250109-1g9ltssjbt
MD5

d2f381cd3baa48edd82f87d48a1cb0fa
SHA1

b01886c2ffb80d235c10604900366b2467226482
SHA256

e84ebd84af1c86624de0f0bdfad7308295d3237ade2622f875baaf8b98b65fbb
SHA512

8647e6663d8cfaffd0556c9a90b0266fe996d4c3a02d71c289de635d69c1a726deaf875651bee30471e52ac9089682e67277d18a414ac9e74f2bb1c78d8eae86
SSDEEP

3072:/GheuIAywj7VlYGZO86eTEC6hBgpECP5iiYhiuje+CNf4/AWaSkSJu98vd:zAywj7VlYmHCA75iiYsuQIADG8el

Score

10^/10

smokeloader backdoor discovery trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_d2f381cd3baa48edd82f87d48a1cb0fa
- Size
  
  233KB
- MD5
  
  d2f381cd3baa48edd82f87d48a1cb0fa
- SHA1
  
  b01886c2ffb80d235c10604900366b2467226482
- SHA256
  
  e84ebd84af1c86624de0f0bdfad7308295d3237ade2622f875baaf8b98b65fbb
- SHA512
  
  8647e6663d8cfaffd0556c9a90b0266fe996d4c3a02d71c289de635d69c1a726deaf875651bee30471e52ac9089682e67277d18a414ac9e74f2bb1c78d8eae86
- SSDEEP
  
  3072:/GheuIAywj7VlYGZO86eTEC6hBgpECP5iiYhiuje+CNf4/AWaSkSJu98vd:zAywj7VlYmHCA75iiYsuQIADG8el
Score

10^/10

smokeloader backdoor discovery trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Smokeloader family
  smokeloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoordiscoverytrojan

behavioral2

smokeloaderbackdoordiscoverytrojan