smokeloader

General

Target

0fd5d12ecd023e00a35c3f22158709f4088e49c3b9fce7ac6ebbf7228f874978_JC.exe
Size

242KB
Sample

231011-gxpf2sea6s
MD5

6ccda75559212c7844b6f438e1529fdb
SHA1

21725740126bcf0f58e7d2e5294a4ec297568da0
SHA256

0fd5d12ecd023e00a35c3f22158709f4088e49c3b9fce7ac6ebbf7228f874978
SHA512

5b84271a5703e6d453455bb7e290e0b2260eed250ab10e604d0a4ce2a447af4d101e6242a35bb5547320958055eaa5cfeb622844e091e7ffd048e3e2f76ec993
SSDEEP

3072:hnb4exKruCLlIKvKmVpve6WGX9uin5s3yDKdpPQ6T5cbac6TOac:B6uCLiK5nyGX5n5sf9Ubac6TO

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  0fd5d12ecd023e00a35c3f22158709f4088e49c3b9fce7ac6ebbf7228f874978_JC.exe
- Size
  
  242KB
- MD5
  
  6ccda75559212c7844b6f438e1529fdb
- SHA1
  
  21725740126bcf0f58e7d2e5294a4ec297568da0
- SHA256
  
  0fd5d12ecd023e00a35c3f22158709f4088e49c3b9fce7ac6ebbf7228f874978
- SHA512
  
  5b84271a5703e6d453455bb7e290e0b2260eed250ab10e604d0a4ce2a447af4d101e6242a35bb5547320958055eaa5cfeb622844e091e7ffd048e3e2f76ec993
- SSDEEP
  
  3072:hnb4exKruCLlIKvKmVpve6WGX9uin5s3yDKdpPQ6T5cbac6TOac:B6uCLiK5nyGX5n5sf9Ubac6TO
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2