smokeloader

General

Target

ab1dc5be4c61abb58a961386bd61d419.bin
Size

118KB
Sample

231012-vlsk8ach9x
MD5

11792835f18a47b1727d6e3487135167
SHA1

4bc01626cc7ce4f0bf8564fdca233f111b274ee3
SHA256

6416c220d5a816c8a2828b29954ee0848209cc87894cc49518acbb5f18be4b11
SHA512

c1ab310312a48b9b1c791897ea61e59e63049739723d062dd617e36748b031ba9bc6dfee8669ae31adc190eb1f45462c9956342433f423b07914053a4fcbcffc
SSDEEP

3072:jUrDFuKtKvjEO5ss3kh7oIbBOV3oGy4HNabbqO2K5zKPlD:WDUKt197u3y2NaatKID

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://taibi.at/tmp/

http://01stroy.ru/tmp/

http://mal-net.com/tmp/

http://gromograd.ru/tmp/

http://kingpirate.ru/tmp/

rc4.i32

Targets

- Target
  
  66be9c888095cf0e79854879085490772ff443b7f13f654de2cea26b293dbd27.exe
- Size
  
  270KB
- MD5
  
  ab1dc5be4c61abb58a961386bd61d419
- SHA1
  
  04f52fc3cb5b008f9a80186a6500e5809291e465
- SHA256
  
  66be9c888095cf0e79854879085490772ff443b7f13f654de2cea26b293dbd27
- SHA512
  
  5e478fc5bcbc55b3994ec9a375a0d81ace13562b3c8ec44ae5e8d15fd32c6e7e76e147809d3700aefd8541e7f9025d00684b0e17d24fd01f14ca2d507caf45a3
- SSDEEP
  
  3072:/T1ZfLDUg54VEkHoE4GNF82yZTT+s4eUt:vfLDUgRkhRq2ydK1
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2