smokeloader

General

Target

8382055547e17fec8e6b571adc4528cfff521e02f8ac8af6ff77f84dcc2eb0f3
Size

149KB
Sample

231004-nfqfcada93
MD5

200287ce1919744a7deeb724667e720e
SHA1

04f4a60b3b29b5aa9720f39e0ed9bc153098722b
SHA256

06db5d130ccbc186e4d790d903e399c3c6030840719b8f0571ec77645a7c97c1
SHA512

a1999cc8384cb1efcbee796e2f01e3fcf98739f8a50a0d710eff523025edaa69e5479293a352a56c3edef4218c1e84ed6db3b569420a99b565e165202e48630d
SSDEEP

3072:M/0Wx2IqhQmL3bMKwV3AV4WxwLviyL8mD6edSW9k4wbMT23Qg1XWses:8z2IPmL2V3h7hgC62p9k4wATF6Wses

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  8382055547e17fec8e6b571adc4528cfff521e02f8ac8af6ff77f84dcc2eb0f3
- Size
  
  209KB
- MD5
  
  2df2542b92eadea5ddc2ab96e0788bce
- SHA1
  
  141a6c0e53de97fd6babd122d98513c404271c84
- SHA256
  
  8382055547e17fec8e6b571adc4528cfff521e02f8ac8af6ff77f84dcc2eb0f3
- SHA512
  
  f6bc47fb183d92dd812830ea55cb0f19a255ce8b8731b8375ee1e1821be9e70ead0653e63aea724ed71e28d7bd07345ed7b8d9506a0a19f005765f5cfb9a6710
- SSDEEP
  
  3072:DOKdZK4hkLL8pmX3BxqRBEWFNyL8mD6edSWZdQ7p7LJ5smWt87h4:vK4mXQmX8KgC62pzQtImW
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2