smokeloader

General

Target

1ae4352e93c3dadc3708bc2107afd50e
Size

244KB
Sample

230831-mhwjpsee76
MD5

1ae4352e93c3dadc3708bc2107afd50e
SHA1

609007fba0226eb6915ce50e080fa04f3c706641
SHA256

7415704fd2e5ffbb53f5ef4eede832499e18888fc1b206e5263714e669ade596
SHA512

6cd6f8ed017ba6bc077147aa8b39d99ad8de03a8d3fcae68ca2362294746605ceead0afbd1fa47b848f2e7cf9e3c66f0f1a775a5cf5498391ff96b6ec13ecfd2
SSDEEP

3072:ArmRB8q+pIkxFgFj3gEpU6WQXNQhXGVSdeoGY5D1x5e5yar:ASBF8gFjwEpUDKweoD5D10R

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://taibi.at/tmp/

http://01stroy.ru/tmp/

http://mal-net.com/tmp/

http://gromograd.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  1ae4352e93c3dadc3708bc2107afd50e
- Size
  
  244KB
- MD5
  
  1ae4352e93c3dadc3708bc2107afd50e
- SHA1
  
  609007fba0226eb6915ce50e080fa04f3c706641
- SHA256
  
  7415704fd2e5ffbb53f5ef4eede832499e18888fc1b206e5263714e669ade596
- SHA512
  
  6cd6f8ed017ba6bc077147aa8b39d99ad8de03a8d3fcae68ca2362294746605ceead0afbd1fa47b848f2e7cf9e3c66f0f1a775a5cf5498391ff96b6ec13ecfd2
- SSDEEP
  
  3072:ArmRB8q+pIkxFgFj3gEpU6WQXNQhXGVSdeoGY5D1x5e5yar:ASBF8gFjwEpUDKweoD5D10R
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2