smokeloader

General

Target

SecuriteInfo.com.Win32.TrojanX-gen.9469.11933.exe
Size

247KB
Sample

231012-p6vcnaag5x
MD5

53d2d45f570deb71af14affdb72baf93
SHA1

84881ecddeba1faed01ed4c66dc52099b86cf0ef
SHA256

9cd51e10e0654c87d3e1ebcd86f93f90e6314c6f8538f25d9c8a15ac48827c9b
SHA512

81966fd17102d505f9a19d5998a94967f48447bf2bf5284ae53a723a07be3af0216d64681f6c02c90bdc5669c158ebeb5d61958f29d1ca3414f846d99ea15466
SSDEEP

3072:zRjKPWHTEYk1bGdclFAzMhjkFHqgfGV73rf9DSQEg6L4D:wPWHTeGalF7me5kg6

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

0023

Extracted

Family

smokeloader

Version

2022

C2

https://nebraska-pizza.com/search.php

https://alaska-ships.com/search.php

rc4.i32

Targets

- Target
  
  SecuriteInfo.com.Win32.TrojanX-gen.9469.11933.exe
- Size
  
  247KB
- MD5
  
  53d2d45f570deb71af14affdb72baf93
- SHA1
  
  84881ecddeba1faed01ed4c66dc52099b86cf0ef
- SHA256
  
  9cd51e10e0654c87d3e1ebcd86f93f90e6314c6f8538f25d9c8a15ac48827c9b
- SHA512
  
  81966fd17102d505f9a19d5998a94967f48447bf2bf5284ae53a723a07be3af0216d64681f6c02c90bdc5669c158ebeb5d61958f29d1ca3414f846d99ea15466
- SSDEEP
  
  3072:zRjKPWHTEYk1bGdclFAzMhjkFHqgfGV73rf9DSQEg6L4D:wPWHTeGalF7me5kg6
Score

10^/10

smokeloader 0023 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2