smokeloader

General

Target

f9969ef3805249fe3fd6f6ffdb0723b8.bin
Size

127KB
Sample

231102-d9xreafg4x
MD5

60763b5a22e6ec0c535c88df4e4aa79b
SHA1

c5e484b29a2594abc1af69116bfac141bcb91382
SHA256

213e69165e71021916b2c7ddb354062a806235733680d99a808849956f42439e
SHA512

b7c69f31d24a6863feb4048310ea20965c21822d9de11a9e14818f289ece2b08389666b4c14b5342d4c2d8896e6fd03cf87d81b9ae37abb60a48b1a2524c4f8c
SSDEEP

3072:ip4pjzsvSb/keafi7PArPbRbaJQv9UOt6YT9/rXEQaJlVAK5:ThzsaoRi7PsaSvnTpXWJlVAK5

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://dpav.cc/tmp/

http://lrproduct.ru/tmp/

http://kggcp.com/tmp/

http://talesofpirates.net/tmp/

http://pirateking.online/tmp/

http://piratia.pw/tmp/

http://go-piratia.ru/tmp/

rc4.i32

Targets

- Target
  
  51690da60d1c2bfe20e0e865240193bc3d9e2dbc3e5727de8891976b01b83fa0.exe
- Size
  
  206KB
- MD5
  
  f9969ef3805249fe3fd6f6ffdb0723b8
- SHA1
  
  bb3c689bc0837515cb82739d0efb92441f7c31d7
- SHA256
  
  51690da60d1c2bfe20e0e865240193bc3d9e2dbc3e5727de8891976b01b83fa0
- SHA512
  
  ffe3b8786baf1fd5de2b473871c12c44e4f2a8ea2859d556d674325f6e67b950aba7acae762d5efcab9d02bd89912ab4f66eea906335a76f47abca8d5f3cc91c
- SSDEEP
  
  3072:oBTRRddkirFSMB6V8JURZFY0hj34h/wDtfDpmwA9AFnJNUc:WRRddDrFSMUeJURnv4O7O9
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2