smokeloader

General

Target

file
Size

193KB
Sample

231001-2expxsfh27
MD5

3ab9d59f2989114bc115bdfb60331c7c
SHA1

c593d890483a9fa5bb3ac142031cc4273040fe8f
SHA256

3c8eed8e725d7eb608c751cbaa7bcf13e765dcc34f73145985e22eb61abc2873
SHA512

a998de5b22ecf65da7c60ae6a1f86b1cbaad227eff5d40428c8e77b7fdfd5e10adb1e49e337d8ff4fc9d9384253616fff8b2f754894cca311be11521637866d9
SSDEEP

3072:RaNCfF2HFzRfqBzFGpRB8GdtxYWIqCx26Ji/WrJXKO8gc150CE+ovV:H2lzRozgR+YtBIqOmOrJaO8VEZV

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  file
- Size
  
  193KB
- MD5
  
  3ab9d59f2989114bc115bdfb60331c7c
- SHA1
  
  c593d890483a9fa5bb3ac142031cc4273040fe8f
- SHA256
  
  3c8eed8e725d7eb608c751cbaa7bcf13e765dcc34f73145985e22eb61abc2873
- SHA512
  
  a998de5b22ecf65da7c60ae6a1f86b1cbaad227eff5d40428c8e77b7fdfd5e10adb1e49e337d8ff4fc9d9384253616fff8b2f754894cca311be11521637866d9
- SSDEEP
  
  3072:RaNCfF2HFzRfqBzFGpRB8GdtxYWIqCx26Ji/WrJXKO8gc150CE+ovV:H2lzRozgR+YtBIqOmOrJaO8VEZV
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Downloads MZ/PE file

Deletes itself

Drops startup file

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2