smokeloader

General

Target

fe6c99098c6424c450d6127548d50690c66ac0618f9bcbcac56f7831ccbf4e2d
Size

164KB
Sample

231011-hrcezagd3w
MD5

0df62f6b9a516d5c2c3b1536c65c2d28
SHA1

313c986bb27624fcbdb5015fdbebe966d12675b4
SHA256

1ecbbde5488be99a9be2181a7592dafceb04559c4b5da309534044070b5e5d94
SHA512

f8a00a406977e5eb9e448541a642c62cb4a4a538ecfa968a49c726d3dc306eec28ae4dbf103e6c966c7bdaaf467bf77f52228b94cffb442fdc7bcca48e988d1a
SSDEEP

3072:kfLrQI0oly+fuX88R6UHZXDin5QOb46mlRc5UXLmy12XBmfiob05tbIHuuJ:qLzusS6UdOn5QI4WUlABmfItbIH

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  fe6c99098c6424c450d6127548d50690c66ac0618f9bcbcac56f7831ccbf4e2d
- Size
  
  249KB
- MD5
  
  477e0b10c02a06a99907543ad977b2fe
- SHA1
  
  cef7c8581b0bb0c25c86d9c15553cb20c10b5965
- SHA256
  
  fe6c99098c6424c450d6127548d50690c66ac0618f9bcbcac56f7831ccbf4e2d
- SHA512
  
  b7005331509415d5d1e22600e23013a19001a3e766265bce9d2482d42d660145e1d5e7aa8aaba695f071c34d9fb55ac760fe22352973860e38623d7de21d9dfb
- SSDEEP
  
  6144:lGBr8cC6zznv4n5QI4WUZdpJ9KEpDhTx:lGScC6P45udp5DF
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2