smokeloader

General

Target

file
Size

193KB
Sample

231002-hdyfaahe23
MD5

ab94ede61192c3aa0a87ef14d479ef89
SHA1

b50db18accb06f71e1f367636f396b4f7c8c438e
SHA256

4524b3d7da9557b4a86a91653dbd8298d520e56038bc1e5a663dcb83923c7325
SHA512

cb3f874b73564267cd472b3092ec7378a7fac9df977bd8fc868ab2145b411d9a43ce2559d4fd2ec9bce809f8fbdba2b939a334d3b6f1f6dde734857066c84d12
SSDEEP

3072:mrTUVVhWn4XpWWki+i+1tqzXDdQ8/8gVV5lZmncE5kbc1+ovVo:r8Epv+igMXDCgVVvwGyZV

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  file
- Size
  
  193KB
- MD5
  
  ab94ede61192c3aa0a87ef14d479ef89
- SHA1
  
  b50db18accb06f71e1f367636f396b4f7c8c438e
- SHA256
  
  4524b3d7da9557b4a86a91653dbd8298d520e56038bc1e5a663dcb83923c7325
- SHA512
  
  cb3f874b73564267cd472b3092ec7378a7fac9df977bd8fc868ab2145b411d9a43ce2559d4fd2ec9bce809f8fbdba2b939a334d3b6f1f6dde734857066c84d12
- SSDEEP
  
  3072:mrTUVVhWn4XpWWki+i+1tqzXDdQ8/8gVV5lZmncE5kbc1+ovVo:r8Epv+igMXDCgVVvwGyZV
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Downloads MZ/PE file

Deletes itself

Drops startup file

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2