smokeloader

General

Target

file
Size

247KB
Sample

231012-q26qkaef65
MD5

e78ccf1b9d072d36b47d1424e76bc4d1
SHA1

cf28854f3f276c8535a64fed4a66ee692de25094
SHA256

1801034f0db7887abaefb251636db652dc3124f22c1d3a0965cf74c8cf6396f6
SHA512

1c7e36aa61c90004c750e1a10880cef676c31403454478b3eff0381ebb11bac6fe893b91235c188675e94a5d8f668dbd65368f45da0bd93a331a8333a25f04b3
SSDEEP

3072:TP4iyEE23pSH27SoZRLm1MG8Z00TnhAas28YCmWB+w:cEE23gWuoZgCTnliB

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://potunulit.org/

http://hutnilior.net/

http://bulimu55t.net/

http://soryytlic4.net/

http://novanosa5org.org/

http://nuljjjnuli.org/

http://tolilolihul.net/

http://somatoka51hub.net/

http://hujukui3.net/

http://bukubuka1.net/

http://golilopaster.org/

http://newzelannd66.org/

http://otriluyttn.org/

rc4.i32

Targets

- Target
  
  file
- Size
  
  247KB
- MD5
  
  e78ccf1b9d072d36b47d1424e76bc4d1
- SHA1
  
  cf28854f3f276c8535a64fed4a66ee692de25094
- SHA256
  
  1801034f0db7887abaefb251636db652dc3124f22c1d3a0965cf74c8cf6396f6
- SHA512
  
  1c7e36aa61c90004c750e1a10880cef676c31403454478b3eff0381ebb11bac6fe893b91235c188675e94a5d8f668dbd65368f45da0bd93a331a8333a25f04b3
- SSDEEP
  
  3072:TP4iyEE23pSH27SoZRLm1MG8Z00TnhAas28YCmWB+w:cEE23gWuoZgCTnliB
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2