smokeloader

General

Target

SecuriteInfo.com.Win32.TrojanX-gen.29884.9969
Size

232KB
Sample

230708-nre4raeg46
MD5

420db3b8a1b7f3f56683e5d72e9adda2
SHA1

e4e104ff61f7fee2e0a64a9b243b6e39f416f9d2
SHA256

fc5c1ed9df3db079ed9b1714c11b5fd8edd6f69498fe6150303ae160884d3c04
SHA512

2459c248fd86a48722f35f4a7e2eb4ca538d83491f5968d07f80d6d1323fdd53873e9d90a12d0664db6c1da6680f1565fad343a43008777bd29e4c16f6802dc9
SSDEEP

3072:1ZmnKwVesrS0H1bCtntcqZWbJxlUsHgwn+xAsBfFHs4+Ii/D:6KVsrS0VbK1Zcvg0Y59FHs

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

summ

Extracted

Family

smokeloader

Version

2022

C2

http://stalagmijesarl.com/

http://ukdantist-sarl.com/

http://cpcorprotationltd.com/

rc4.i32

Extracted

Family

smokeloader

Botnet

0nF

Targets

- Target
  
  SecuriteInfo.com.Win32.TrojanX-gen.29884.9969
- Size
  
  232KB
- MD5
  
  420db3b8a1b7f3f56683e5d72e9adda2
- SHA1
  
  e4e104ff61f7fee2e0a64a9b243b6e39f416f9d2
- SHA256
  
  fc5c1ed9df3db079ed9b1714c11b5fd8edd6f69498fe6150303ae160884d3c04
- SHA512
  
  2459c248fd86a48722f35f4a7e2eb4ca538d83491f5968d07f80d6d1323fdd53873e9d90a12d0664db6c1da6680f1565fad343a43008777bd29e4c16f6802dc9
- SSDEEP
  
  3072:1ZmnKwVesrS0H1bCtntcqZWbJxlUsHgwn+xAsBfFHs4+Ii/D:6KVsrS0VbK1Zcvg0Y59FHs
Score

10^/10

smokeloader summ backdoor trojan 0nf
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2