smokeloader

General

Target

tmp
Size

223KB
Sample

230627-mx8gtadg83
MD5

f06e5ece5b37477bf44cf7f35a21cd88
SHA1

3d6a568da6d2e6e5f52fdde58586100dd96790e2
SHA256

64c99e86f8722c5b825250b3302a2eafc652a09108a3213e124f173f10be2eeb
SHA512

5f965b910e64c3ff613ae28211cd53df3d9496ab5d425dd5b593c8103d9688ab8fad4aa063a5f24f5eb3486eec3120c29764a532d6f2d7ba6d0f5b6665891ffa
SSDEEP

3072:T40cYchfABTfjRvEDOZv+rO61HaLeKen5MQGcM:804o9TZm6SHaLVfD

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

smokeloader

Version

2022

C2

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  tmp
- Size
  
  223KB
- MD5
  
  f06e5ece5b37477bf44cf7f35a21cd88
- SHA1
  
  3d6a568da6d2e6e5f52fdde58586100dd96790e2
- SHA256
  
  64c99e86f8722c5b825250b3302a2eafc652a09108a3213e124f173f10be2eeb
- SHA512
  
  5f965b910e64c3ff613ae28211cd53df3d9496ab5d425dd5b593c8103d9688ab8fad4aa063a5f24f5eb3486eec3120c29764a532d6f2d7ba6d0f5b6665891ffa
- SSDEEP
  
  3072:T40cYchfABTfjRvEDOZv+rO61HaLeKen5MQGcM:804o9TZm6SHaLVfD
Score

10^/10

smokeloader pub5 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2