smokeloader

General

Target

00174a8ed6db23527b71e10b20f95f1a
Size

206KB
Sample

231231-ztwp3aeagq
MD5

00174a8ed6db23527b71e10b20f95f1a
SHA1

b18034926c23b5fe6738bb96ce7e0171d4e9afad
SHA256

87582213c6a87191e11d621987a201e02150f2be27673b6368b353e4707ff966
SHA512

a6a8eab01ba65bc8f5491c30b690ba4c5b3e2f27d1b5680523a18c5c6dbbe53220ae77beca716fa86083bbd003ab3ab47b62f603d1fc86516681e42e350a7174
SSDEEP

3072:tQ5pt5qw+Tq2Jc/4LoyZ2QA5wbuRWppK1dFnArywoOLi6R:tIZqNTA/4U6btppAnRwoOL

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Targets

- Target
  
  00174a8ed6db23527b71e10b20f95f1a
- Size
  
  206KB
- MD5
  
  00174a8ed6db23527b71e10b20f95f1a
- SHA1
  
  b18034926c23b5fe6738bb96ce7e0171d4e9afad
- SHA256
  
  87582213c6a87191e11d621987a201e02150f2be27673b6368b353e4707ff966
- SHA512
  
  a6a8eab01ba65bc8f5491c30b690ba4c5b3e2f27d1b5680523a18c5c6dbbe53220ae77beca716fa86083bbd003ab3ab47b62f603d1fc86516681e42e350a7174
- SSDEEP
  
  3072:tQ5pt5qw+Tq2Jc/4LoyZ2QA5wbuRWppK1dFnArywoOLi6R:tIZqNTA/4U6btppAnRwoOL
Score

10^/10

smokeloader pub5 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4