smokeloader

General

Target

file.exe
Size

300KB
Sample

231014-dwqqyade2t
MD5

33487d7db4df8e52bbdfac0a3ee75c40
SHA1

6f85b757c4ffc7075c83931901dc131eeeca1149
SHA256

52d8af024085117c953e51448794db1ce4bc411436df0d7b692381626c84b9e1
SHA512

9b08c2fa12d23335ef317820d4429b66ccfa5e1dae0359f23a94e4d904b53a1bca08a640bdf4e640d11b7fd985d6243786694d661d9e4c5a68afb0f7d0d321b6
SSDEEP

6144:NGb3meV4m9q/EmtNsGyLP/r6pvEws/Hd:NgPVP9QTNsn/r6pvE9/9

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://potunulit.org/

http://hutnilior.net/

http://bulimu55t.net/

http://soryytlic4.net/

http://novanosa5org.org/

http://nuljjjnuli.org/

http://tolilolihul.net/

http://somatoka51hub.net/

http://hujukui3.net/

http://bukubuka1.net/

http://golilopaster.org/

http://newzelannd66.org/

http://otriluyttn.org/

rc4.i32

Targets

- Target
  
  file.exe
- Size
  
  300KB
- MD5
  
  33487d7db4df8e52bbdfac0a3ee75c40
- SHA1
  
  6f85b757c4ffc7075c83931901dc131eeeca1149
- SHA256
  
  52d8af024085117c953e51448794db1ce4bc411436df0d7b692381626c84b9e1
- SHA512
  
  9b08c2fa12d23335ef317820d4429b66ccfa5e1dae0359f23a94e4d904b53a1bca08a640bdf4e640d11b7fd985d6243786694d661d9e4c5a68afb0f7d0d321b6
- SSDEEP
  
  6144:NGb3meV4m9q/EmtNsGyLP/r6pvEws/Hd:NgPVP9QTNsn/r6pvE9/9
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2