smokeloader

General

Target

8ef0c1605b7cccd1cd1fca20569c0518.bin
Size

141KB
Sample

231003-byvrkahd62
MD5

299e0af6620006c40bd6dcbcfecc3d3e
SHA1

4a7fe536cba2a9c552f8498128609d56acf9c31d
SHA256

df9cb82a3eef384ab7c65d91dbb26b73b723acbcbf0f47664c6753f2c98f1418
SHA512

7151a692169bdc70120ddb66003c1ed5c75b20b0b18374ca222590f83e9a9542b4c6df66fbcfe458065dd271694ad9f13047b432ed4ead162d83b477dc5ec63e
SSDEEP

3072:p3RJ1Rv1aAp3X6WJcqTixMf1p4A2NYfkPx1FiF8xkPyNArNyGg8f7L5:phJ7LaWSqTjfHvs51wvPyNs

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  a4ce09752fb325fb3ec8de3ec1beb05ca3c92015d1ed8c48fd0b9e3a57cd8c51.exe
- Size
  
  195KB
- MD5
  
  8ef0c1605b7cccd1cd1fca20569c0518
- SHA1
  
  979d41a2bcc78fa02b568b1048d34725f4e3ba08
- SHA256
  
  a4ce09752fb325fb3ec8de3ec1beb05ca3c92015d1ed8c48fd0b9e3a57cd8c51
- SHA512
  
  fb5d83f2ea8a0fae2ec4f1f50fdf68ebf28db04051ade267e78f53c051b9156b30730d245e495d1016cd20eac72108e850e8fd2274cbb87e0e113fdbe562dab3
- SSDEEP
  
  3072:C+4fRnUz8c+acudpqoGLelf3wM2/rYgfyupY81zGSbKx+5vLeq:wU8c+acuqigb/rDBUS9K
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2