smokeloader

General

Target

m0gp3.zip
Size

79KB
Sample

201223-b6yjrvlp32
MD5

b0d6db380f03916eb0fd3ec16c6ed07b
SHA1

1516323c2e2ce98bc0961054a3bc220c75e93ade
SHA256

a6f44b8a9324150ccdb157794b6ec628eb27d2530c1a66df94aa5ed9cd9831c3
SHA512

09d259ce752d2f77d7130e11afd018aad3b28907ada47d30cc8b413caffdd175b800b5cf3fc93d1e371a8b4bdd2d21373a84c64914b88681b9f140aeb45a13dd

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://etasuklavish.today/

http://mragyzmachnobesdi.today/

http://kimchinikuzims.today/

http://slacvostinrius.today/

http://straponuliusyn.today/

http://grammmdinss.today/

http://viprasputinsd.chimkent.su/

http://lupadypa.dagestan.su/

http://stoknolimchin.exnet.su/

http://musaroprovadnikov.live/

http://teemforyourexprensiti.life/

http://stolkgolmishutich.termez.su/

http://roompampamgandish.wtf/

rc4.i32

Targets

- Target
  
  m0gp3.exe
- Size
  
  112KB
- MD5
  
  c989356bdc4ffc9b4752acecfddb551d
- SHA1
  
  fff0e011c492e174a3175c3ddb2ee0d6ed9d7285
- SHA256
  
  8afc2dd7267bbf83a46549f4e7731f6473610c33bc9ee41b4dd0b994c3a29473
- SHA512
  
  f51769eed207b7b0e9387c9bc13d46502f0c25086c6f1ce8d16678bbe639f06efb799959efac10aefd6d92dd08310216d2929178ebee3f2c73ecad286c89da1f
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2