smokeloader

General

Target

4bf74063e78dd6b36d0e931ddb07a594
Size

320KB
Sample

240108-vej1haefe5
MD5

4bf74063e78dd6b36d0e931ddb07a594
SHA1

3802357f1baac4268311f16d490937ebb2758433
SHA256

9ad6fdadb26d89cfa2912a721bcae1beab8aaa527c1e145ce145ee955e2f2f78
SHA512

3b60f2bdcf88e7bdbad3d549f709661335441105c6aedd76efcddcc677e31e0ebe992165a000464c9db92a0e54dcce4cf0870254ba214c53f4b81ea2571b650b
SSDEEP

6144:L2iVTXrWr2O5nFe1pKirvhk0pz7Sbj5JswgmcQWKdqxkBMLxXdD0e/kq:dVLSJnFe1pKiVk0pzObrTsqGLNv/

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Targets

- Target
  
  4bf74063e78dd6b36d0e931ddb07a594
- Size
  
  320KB
- MD5
  
  4bf74063e78dd6b36d0e931ddb07a594
- SHA1
  
  3802357f1baac4268311f16d490937ebb2758433
- SHA256
  
  9ad6fdadb26d89cfa2912a721bcae1beab8aaa527c1e145ce145ee955e2f2f78
- SHA512
  
  3b60f2bdcf88e7bdbad3d549f709661335441105c6aedd76efcddcc677e31e0ebe992165a000464c9db92a0e54dcce4cf0870254ba214c53f4b81ea2571b650b
- SSDEEP
  
  6144:L2iVTXrWr2O5nFe1pKirvhk0pz7Sbj5JswgmcQWKdqxkBMLxXdD0e/kq:dVLSJnFe1pKiVk0pzObrTsqGLNv/
Score

10^/10

smokeloader pub5 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2