smokeloader

General

Target

c0b3b0c8d71bb0703179dc37189b0b95.bin
Size

156KB
Sample

231121-ddfg9abg26
MD5

7f1e40df88ec3cca0acfdd1d43992c52
SHA1

2e79a6784c398d1b2961668143e705bd2dda8662
SHA256

b48c95c3e24908e9a4815d10eeb2416174bac7419d409a73693ac40d41144dee
SHA512

4696c9c692eb10e322f160e641d09bdf9934648095dca23ccac33fa01353f79ec9f9dc6f268ca149f43672684112c6bd55af1c4be94f2f74ea88be3283f59001
SSDEEP

3072:vKVzTrQ2qxQXQSmUtyHQJMqpmt9EbsoRmniE6rnBQXhjjooXJ46OtwIa+thCcLkm:vKVzHQb+QSmkVA9Ebai/FQXpooEG0NvJ

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://dpav.cc/tmp/

http://lrproduct.ru/tmp/

http://kggcp.com/tmp/

http://talesofpirates.net/tmp/

http://pirateking.online/tmp/

http://piratia.pw/tmp/

http://go-piratia.ru/tmp/

rc4.i32

Targets

- Target
  
  4afaefd1e04ef31fb1642e0b516c554e21de8340b84545641e7c29d028510afb.exe
- Size
  
  257KB
- MD5
  
  c0b3b0c8d71bb0703179dc37189b0b95
- SHA1
  
  3437226e6988290a2d9d9008dad3df912d7f8820
- SHA256
  
  4afaefd1e04ef31fb1642e0b516c554e21de8340b84545641e7c29d028510afb
- SHA512
  
  d3cead95f1af24e7a9e148bfd1c1c1a435761d4a38d39b1940af2ce263d10356cc3e8036b52a50371117c150b286c8e9bb459a4da8d4b9412fc41776f178711e
- SSDEEP
  
  3072:+f/wl7lJbgU1PXkX5cLdjlQnf3ldoOtl3XD4aUHjr9Rib7ovbDh9q:o8lJ84PXsUOnNdzDXDBUDSfMC
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2