smokeloader

General

Target

file
Size

246KB
Sample

231012-qdqz7sdd23
MD5

ad495d4d35d5e2b6f33d40a985a0d0dd
SHA1

1ac10a5c15ff67bc14ee4b932150e7cacc9602bd
SHA256

d3502cf4269d0c8890f864ef9788d4a8c0c13d0320799a821074215ab14ddb41
SHA512

d32349039dfb32461098f8fa253aa699dc5448dda299dc4fb15a4ebb004b8c775da4e1ac55e29335e91780d070823e0db7d3cdc325e9abcd091f7394c7d34248
SSDEEP

3072:x17KTW5qjF2YBrQP4F3SDWCyzPMfdIbiM1aSWKPZHb:OTW5qAYBr4EiDpyIyFaSWKPZ

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://gudintas.at/tmp/

http://pik96.ru/tmp/

http://rosatiauto.com/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  file
- Size
  
  246KB
- MD5
  
  ad495d4d35d5e2b6f33d40a985a0d0dd
- SHA1
  
  1ac10a5c15ff67bc14ee4b932150e7cacc9602bd
- SHA256
  
  d3502cf4269d0c8890f864ef9788d4a8c0c13d0320799a821074215ab14ddb41
- SHA512
  
  d32349039dfb32461098f8fa253aa699dc5448dda299dc4fb15a4ebb004b8c775da4e1ac55e29335e91780d070823e0db7d3cdc325e9abcd091f7394c7d34248
- SSDEEP
  
  3072:x17KTW5qjF2YBrQP4F3SDWCyzPMfdIbiM1aSWKPZHb:OTW5qAYBr4EiDpyIyFaSWKPZ
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2