smokeloader

General

Target

file
Size

193KB
Sample

231002-jglfkahh46
MD5

a5b93299ba4b27b2bf09b1779ecd6e65
SHA1

34d5ffdffa261844be0c96b45d7242eff23b1ce5
SHA256

712cf06bcef3ff8dccd7d96981de689bd1913610594ea2475aa99eee31654837
SHA512

b2b6644a5315a362021895708db99d9c476629a5b22c2b14ea4684788d1bb73fd988ba3d91c77c47af38bf84c347dc20618ec4489a39af159dd7147e9e62ab1f
SSDEEP

3072:tspoTFSBnhxT55gK/EWKFa4LoF5imi0FAmcO56MJB+ovV:Xm39uKhKf6n0KZV

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  file
- Size
  
  193KB
- MD5
  
  a5b93299ba4b27b2bf09b1779ecd6e65
- SHA1
  
  34d5ffdffa261844be0c96b45d7242eff23b1ce5
- SHA256
  
  712cf06bcef3ff8dccd7d96981de689bd1913610594ea2475aa99eee31654837
- SHA512
  
  b2b6644a5315a362021895708db99d9c476629a5b22c2b14ea4684788d1bb73fd988ba3d91c77c47af38bf84c347dc20618ec4489a39af159dd7147e9e62ab1f
- SSDEEP
  
  3072:tspoTFSBnhxT55gK/EWKFa4LoF5imi0FAmcO56MJB+ovV:Xm39uKhKf6n0KZV
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Drops startup file
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Downloads MZ/PE file

Deletes itself

Drops startup file

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2