smokeloader

General

Target

bee870942dbdae612ec164f1d9eb9c7912e016367acff5ae87d9faed29338617
Size

190KB
Sample

230508-3pfptsfb6x
MD5

cf5d0c443e6ddbc78189fab51dd07064
SHA1

416d768e1529d3e8d8eb5e56805c2201090303e8
SHA256

bee870942dbdae612ec164f1d9eb9c7912e016367acff5ae87d9faed29338617
SHA512

858839bac96aa8891ae1c40a1d5bcba2b7c646fbbb683de10ecd6008987b63db519772035f8858f945b96064504a112e13accb19986b4b46c4c41206000c1420
SSDEEP

3072:wAbAhDPVlNT3Dv7OWbkmiJGn2elMiZI+cDG+gy+6BQIH5jBhmT:NAPlNTz1nbJpEVBQqBhmT

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  bee870942dbdae612ec164f1d9eb9c7912e016367acff5ae87d9faed29338617
- Size
  
  190KB
- MD5
  
  cf5d0c443e6ddbc78189fab51dd07064
- SHA1
  
  416d768e1529d3e8d8eb5e56805c2201090303e8
- SHA256
  
  bee870942dbdae612ec164f1d9eb9c7912e016367acff5ae87d9faed29338617
- SHA512
  
  858839bac96aa8891ae1c40a1d5bcba2b7c646fbbb683de10ecd6008987b63db519772035f8858f945b96064504a112e13accb19986b4b46c4c41206000c1420
- SSDEEP
  
  3072:wAbAhDPVlNT3Dv7OWbkmiJGn2elMiZI+cDG+gy+6BQIH5jBhmT:NAPlNTz1nbJpEVBQqBhmT
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2