smokeloader

General

Target

file
Size

386KB
Sample

230901-qv4mmafc58
MD5

059aa5219c81ccec4d257337c885c9e5
SHA1

1075024d4a988eddfdf2b4042078640c65d4b603
SHA256

a3e06d811446215d4ccf92e136c20795d346f94c23f94caeab63d5727f35b866
SHA512

6249f7d5fef925bc956a6f16ba431500eb6c403ae7880c434259d156d90d6d19820840e352c786e17c7f0cff65bea951730d471835a94734f1b7bb7868c032fd
SSDEEP

3072:BdeUSdFCGEnpS9zSahHnboPV3dFpyQc16Z+tYuxrm4KNKLPcOJdxH/WRXWh:7exSGqpSJSP/yILtgLUebH/i

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://taibi.at/tmp/

http://01stroy.ru/tmp/

http://mal-net.com/tmp/

http://gromograd.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  file
- Size
  
  386KB
- MD5
  
  059aa5219c81ccec4d257337c885c9e5
- SHA1
  
  1075024d4a988eddfdf2b4042078640c65d4b603
- SHA256
  
  a3e06d811446215d4ccf92e136c20795d346f94c23f94caeab63d5727f35b866
- SHA512
  
  6249f7d5fef925bc956a6f16ba431500eb6c403ae7880c434259d156d90d6d19820840e352c786e17c7f0cff65bea951730d471835a94734f1b7bb7868c032fd
- SSDEEP
  
  3072:BdeUSdFCGEnpS9zSahHnboPV3dFpyQc16Z+tYuxrm4KNKLPcOJdxH/WRXWh:7exSGqpSJSP/yILtgLUebH/i
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2