smokeloader

General

Target

file
Size

192KB
Sample

231005-yrrsnahb42
MD5

5a7b95cc1ab2b0baf5a255ea316af1c1
SHA1

35e79ac8135e548e51fbcc7446f3393313a88f46
SHA256

cc4d763568a1fc082f9fa7c7f8aebf175aa86bf8f3c871eff075d61bf0406a5c
SHA512

db87e96d0abfa985a494c0048e035611c244583e8cc0e7ea15fe5a5d514eb487e4a758d15474d810a09ac4498ee17f92310b8dd13e88dc303c39d16fb284c8be
SSDEEP

3072:2u+WM//NzNg3OJ7yCgXefJipYm6qNLWUU9CMyf79522iS605NJ:yWMPPJhicgWm7NLmCMk952LS6w

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  file
- Size
  
  192KB
- MD5
  
  5a7b95cc1ab2b0baf5a255ea316af1c1
- SHA1
  
  35e79ac8135e548e51fbcc7446f3393313a88f46
- SHA256
  
  cc4d763568a1fc082f9fa7c7f8aebf175aa86bf8f3c871eff075d61bf0406a5c
- SHA512
  
  db87e96d0abfa985a494c0048e035611c244583e8cc0e7ea15fe5a5d514eb487e4a758d15474d810a09ac4498ee17f92310b8dd13e88dc303c39d16fb284c8be
- SSDEEP
  
  3072:2u+WM//NzNg3OJ7yCgXefJipYm6qNLWUU9CMyf79522iS605NJ:yWMPPJhicgWm7NLmCMk952LS6w
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2