smokeloader

General

Target

NEAS.2ed1b45529d5412a717d1ae706a8ac4ee9fcf8a82c0bfaf490a4228fc7f2e810_JC.zip
Size

139KB
Sample

231006-qhgx4abh3v
MD5

8a8439616612e4f20bdfb63cf6a223be
SHA1

9728bffb4c9be673e6f6d9d36d46e9ab1aaa1c16
SHA256

acbb9410e783e07bc093cb86b9d895a2e34d3973fb5e396688c4c5853c509ab1
SHA512

78a17c67789a66564466984687cb93088d658fddfa17a595f82cdbdc69af8972807df39b67267e8b18636fa92af5754b88dce37f12cc0417eeb628f22a14df88
SSDEEP

3072:eAAfzUemQOqRVDs6+If5LZnbXsYYmumbvQWHAxGX:eAAfzUeds679nzsYBbvQWgxY

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  2ed1b45529d5412a717d1ae706a8ac4ee9fcf8a82c0bfaf490a4228fc7f2e810
- Size
  
  294KB
- MD5
  
  76bce6c3ada9da91994d4615cee00be4
- SHA1
  
  c9aa9627dde27b1cf3825ec7e7794c512dba9de4
- SHA256
  
  2ed1b45529d5412a717d1ae706a8ac4ee9fcf8a82c0bfaf490a4228fc7f2e810
- SHA512
  
  516a5f8b2f23d9f3d520a2c572e2c2990a0f0c261cbadcf2a920f7d5ea014b75c12cf13a3aca4ef1a88accb6e5934bc029a80bf57bdf2cd54ca2aa002a26523a
- SSDEEP
  
  3072:ZAXhQbYEYU3D5NEgu3dAhArybXsYYmK/Cggor4qoF:ZeeYVU3Tq3hyzsYcKggPqo
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2