smokeloader

General

Target

file
Size

233KB
Sample

231010-ytj6laag82
MD5

633dc163625079c7bd31f08647ac4076
SHA1

8d2fe572c3d6c21736c02cf0f0c50a912260d5cd
SHA256

e40aa48bbd379996e93f19561ea54e5f0059efb319fd68b7fcabbb0ee4f92a26
SHA512

ce5e062dbfc301fef2d03c56b92e57dd6e179a062c79d44b6ed9993d45edcb2ec82de2033fc560ba1d478d1914ae3bf48724125dca7dac5a74366bd5fe37f1b7
SSDEEP

3072:naXRAEsNvj8CgI8QMjXQTzlkK2scS5/Im8KpATO3:esN+uMWAgIm8KpAT

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  file
- Size
  
  233KB
- MD5
  
  633dc163625079c7bd31f08647ac4076
- SHA1
  
  8d2fe572c3d6c21736c02cf0f0c50a912260d5cd
- SHA256
  
  e40aa48bbd379996e93f19561ea54e5f0059efb319fd68b7fcabbb0ee4f92a26
- SHA512
  
  ce5e062dbfc301fef2d03c56b92e57dd6e179a062c79d44b6ed9993d45edcb2ec82de2033fc560ba1d478d1914ae3bf48724125dca7dac5a74366bd5fe37f1b7
- SSDEEP
  
  3072:naXRAEsNvj8CgI8QMjXQTzlkK2scS5/Im8KpATO3:esN+uMWAgIm8KpAT
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2