smokeloader

General

Target

05d28ced5f9011af1f08bdc912b2259990abdc42c7df69b5b2c5e8aff314e573
Size

151KB
Sample

231011-lbnpvaff58
MD5

9009ee98596c5e490db8aeb250d63244
SHA1

81d6ef4fb91663a1404ded1a9d813080fc77e899
SHA256

556d67256f664e6416d5180a32573fddb64b81e258901b5439217e217c7e1df6
SHA512

78b37ed82215afb89c1a7aebc14b612efeb886c5bdf74db5ae2b81b335dcd95b025f3cbc46ef0d8db69e9e3a47167fbe33b2ace4b0af564a67f9c81a75672e23
SSDEEP

3072:RnTUnbARqW+IqsK/euqgoATc1r467lbQBaK8hgwMhEondN1yxb2dbmxN8:hTIwapJ4N4GVMaKePMjdzs7xi

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  05d28ced5f9011af1f08bdc912b2259990abdc42c7df69b5b2c5e8aff314e573
- Size
  
  333KB
- MD5
  
  2a6f16d024ed5fdeba9818084478e812
- SHA1
  
  7cf032c2f0857a01adb24f955052a960e76e8957
- SHA256
  
  05d28ced5f9011af1f08bdc912b2259990abdc42c7df69b5b2c5e8aff314e573
- SHA512
  
  20cb90012963311874b9ba0cf46ae3d1cadc547881dd9e3b48670d5094c37fb73bd71976eb51232fa7bbee9b1da358a23a28960b4dfb637662ee03d28f3985cf
- SSDEEP
  
  3072:8XLAZ/3df2qjyfleJB7QMuQBaK8hgwMhOci01CHng7GNo:sLA5392qjgcJeZMaKePM0M1CA
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2