smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

26d2c9f492dcc15205e60e2cdeeaecb1_JaffaCakes118
Size

144KB
Sample

240705-lkgb5aydjh
MD5

26d2c9f492dcc15205e60e2cdeeaecb1
SHA1

bfd69dec23a617c4efd628a563be5903daa8ddf2
SHA256

bc25145e1a5a3cfe6a1dd5d5ad5b6e5bbfba10be6e399ace290bccf7039f5ab5
SHA512

7d1f4d089f6433c3d428a6d24b732a8ef43a181798bff429a5ccbc9e0d78bef5bc03cd53a06f65c3cfad348d37a0e8c8577b823561cd912b638728a4deda6df8
SSDEEP

3072:7/+IX2rgSfhcATG52IF/pAf5fgdrglDWzW1kM:7GImrgQb6afgdMlDWzTM

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

li11

Extracted

Family

smokeloader

Version

2020

https://olobus.casa/feedback.php

https://trusho.online/feedback.php

rc4.i32

Targets

- Target
  
  26d2c9f492dcc15205e60e2cdeeaecb1_JaffaCakes118
- Size
  
  144KB
- MD5
  
  26d2c9f492dcc15205e60e2cdeeaecb1
- SHA1
  
  bfd69dec23a617c4efd628a563be5903daa8ddf2
- SHA256
  
  bc25145e1a5a3cfe6a1dd5d5ad5b6e5bbfba10be6e399ace290bccf7039f5ab5
- SHA512
  
  7d1f4d089f6433c3d428a6d24b732a8ef43a181798bff429a5ccbc9e0d78bef5bc03cd53a06f65c3cfad348d37a0e8c8577b823561cd912b638728a4deda6df8
- SSDEEP
  
  3072:7/+IX2rgSfhcATG52IF/pAf5fgdrglDWzW1kM:7GImrgQb6afgdMlDWzTM
Score

10^/10

smokeloader li11 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2