smokeloader

General

Target

faa669660a14d7ab3fb483443b4ab86c.bin
Size

261KB
Sample

231220-elxl6sbbam
MD5

faa669660a14d7ab3fb483443b4ab86c
SHA1

cb5228829a559affd3a5d1bed3adf05df513e741
SHA256

359ddf4b6d3df8be2fd5a9ed0ade5211ae219ef29085f1a8737b39a75a3ca947
SHA512

093148dfa4015489713f88e51dd1a6d0012f8bb78c0e4f89afa95d205d60509f40b62046927973c5208e442c8dc6b161d743bdf91a6c1883978d08475c201fce
SSDEEP

3072:H4Iaat/GHT5oIAc3cvaBIPbjK4NuCID3Fh+BGDwkz0ZjtJaWw+YbCUBZGyLqdX:n+z5ONfZQFT+BGD1z0Z6h+JUBZLL

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://humydrole.com/tmp/index.php

http://trunk-co.ru/tmp/index.php

http://weareelight.com/tmp/index.php

http://pirateking.online/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  faa669660a14d7ab3fb483443b4ab86c.bin
- Size
  
  261KB
- MD5
  
  faa669660a14d7ab3fb483443b4ab86c
- SHA1
  
  cb5228829a559affd3a5d1bed3adf05df513e741
- SHA256
  
  359ddf4b6d3df8be2fd5a9ed0ade5211ae219ef29085f1a8737b39a75a3ca947
- SHA512
  
  093148dfa4015489713f88e51dd1a6d0012f8bb78c0e4f89afa95d205d60509f40b62046927973c5208e442c8dc6b161d743bdf91a6c1883978d08475c201fce
- SSDEEP
  
  3072:H4Iaat/GHT5oIAc3cvaBIPbjK4NuCID3Fh+BGDwkz0ZjtJaWw+YbCUBZGyLqdX:n+z5ONfZQFT+BGD1z0Z6h+JUBZLL
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2