smokeloader

General

Target

ytrqk.exe
Size

159KB
Sample

210307-7lehybq5mj
MD5

d0c53c25e4814001be39bd8e1d19e1f2
SHA1

98b1664f88fabb2299d136bff11377920b1cc096
SHA256

070a94ee0cd9ac1b1ed467353f5731e09cab136315447c04f53bc52d4fe3f8cc
SHA512

261fd9844a9319ecad240f063b6c752f1c277ae1c53edc9a287999f84adb70a8caa233167380c74917eeb9d33812472c9733133110222f283d9e459307fae067

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://etasuklavish.today/

http://mragyzmachnobesdi.today/

http://kimchinikuzims.today/

http://slacvostinrius.today/

http://straponuliusyn.today/

http://grammmdinss.today/

http://viprasputinsd.chimkent.su/

http://lupadypa.dagestan.su/

http://stoknolimchin.exnet.su/

http://musaroprovadnikov.live/

http://teemforyourexprensiti.life/

http://stolkgolmishutich.termez.su/

http://roompampamgandish.wtf/

rc4.i32

Targets

- Target
  
  ytrqk.exe
- Size
  
  159KB
- MD5
  
  d0c53c25e4814001be39bd8e1d19e1f2
- SHA1
  
  98b1664f88fabb2299d136bff11377920b1cc096
- SHA256
  
  070a94ee0cd9ac1b1ed467353f5731e09cab136315447c04f53bc52d4fe3f8cc
- SHA512
  
  261fd9844a9319ecad240f063b6c752f1c277ae1c53edc9a287999f84adb70a8caa233167380c74917eeb9d33812472c9733133110222f283d9e459307fae067
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2