smokeloader

General

Target

f7f5425c24099b69814e7c28a7bdfefe744f2be79a9fd01841cefa739e5ade1f
Size

153KB
Sample

231011-lx2htsfc9v
MD5

83a58817b1753c7047b6f176cf6cf47d
SHA1

cf3146f55c96ed70e4bdab5617c2c3c28323005a
SHA256

bfd9b4e47df4ef06bb3aaca313365a61ad566422bd989cdf6820275cdcb89409
SHA512

d205296406d1b3af8aea4ce77913ad54cfa5b4bf98a70619645bcaf4e1b8350bed5f435340551a9bb6e280469bcd395eb38cf8ab229f6675077d06061bc80366
SSDEEP

3072:xG4Wn5PKABC4VVlKc+nbmzn/xM42BI9t1EtnF6rQYEgXeb/RKI7jZFGzy:xoPKKC4VP2bw/xf19ti1F6XEgXeTRKI7

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

1
0x3b22e540

rc4.i32

1
0xa6b397e0

Targets

- Target
  
  f7f5425c24099b69814e7c28a7bdfefe744f2be79a9fd01841cefa739e5ade1f
- Size
  
  334KB
- MD5
  
  007f8a662eb169da1c5395604b7052e2
- SHA1
  
  8bf387f13859ae2b5464c423d0c56c811692c3a1
- SHA256
  
  f7f5425c24099b69814e7c28a7bdfefe744f2be79a9fd01841cefa739e5ade1f
- SHA512
  
  f1e35ad4be0fbae18bfe8f8e388b97fff99ae995ed9d937867e1a761feb0d10b5886fa28eabdd8ffe9b6b96c5b547a98c5a995b726c44dcdfa1403aa65a2fd09
- SSDEEP
  
  3072:+XX3lr3cpiq2I9uz+P6RJxs42BI9t1EtnF6r9kQOpzAEncl8iNj:OX3Z3Giq2Hv19ti1F62QQzo+
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

We care about your privacy.