smokeloader | cc81fd50c7c8174f158219f8d0d01e07b320af642961687a0b9e8aaffbb97964 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

202KB
Sample

231009-gvffcsda55
MD5

03a72710efcdf882a5d49be4f866665e
SHA1

63a22bc5fbe6eb95d0c85ca6905dc3a151d56caa
SHA256

cc81fd50c7c8174f158219f8d0d01e07b320af642961687a0b9e8aaffbb97964
SHA512

d40b0bc953340a164322eb061bf6f0fcacd7ef48c16ce980b4ea373f71d2a900c83ddfdbe13d701ea5778906a2bd465ca225b1b6a51e6f83721ac46d9ec340a7
SSDEEP

3072:auHX7P5VoBro+RFkzULhQBZkVMcFX0NhzjZ5OcgqkKNS5DZDBM:aUroBrolzUF6ZkVxFX0NPgqLNQM

Score

10^/10

smokeloader pub4 backdoor spyware trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

rc4.i32

Targets

- Target
  
  file
- Size
  
  202KB
- MD5
  
  03a72710efcdf882a5d49be4f866665e
- SHA1
  
  63a22bc5fbe6eb95d0c85ca6905dc3a151d56caa
- SHA256
  
  cc81fd50c7c8174f158219f8d0d01e07b320af642961687a0b9e8aaffbb97964
- SHA512
  
  d40b0bc953340a164322eb061bf6f0fcacd7ef48c16ce980b4ea373f71d2a900c83ddfdbe13d701ea5778906a2bd465ca225b1b6a51e6f83721ac46d9ec340a7
- SSDEEP
  
  3072:auHX7P5VoBro+RFkzULhQBZkVMcFX0NhzjZ5OcgqkKNS5DZDBM:aUroBrolzUF6ZkVxFX0NPgqLNQM
Score

10^/10

smokeloader pub4 backdoor spyware trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderpub4backdoorspywaretrojan

behavioral2

smokeloaderpub4backdoortrojan