smokeloader

General

Target

7ed9533ee1b474546613bd4a48378688555f6732139825e1fb08cbf9ed5e9c63
Size

304KB
Sample

240111-wz98vseef7
MD5

6ad6a861d488c79dac0b5ae68d20e3d4
SHA1

a01e1b0e4d129143c2f0fcff3377c13ab64e300f
SHA256

7ed9533ee1b474546613bd4a48378688555f6732139825e1fb08cbf9ed5e9c63
SHA512

c797aa96dc67dcacd31cf5a03556181a835587324e2e13108d8d9586b862010a0cec10a27795948cea7d9aac22760d21f52f34059dc486a5003d4d92314d4362
SSDEEP

3072:1vMpELIrZUCYy+qKxi40TC0Ru31pMpq7+V05Zg3yU0Fwj0:tDLINc4TC0g3wpq7+6g3V

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2022

C2

http://gxutc2c.com/tmp/index.php

http://proekt8.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://pirateking.online/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  7ed9533ee1b474546613bd4a48378688555f6732139825e1fb08cbf9ed5e9c63
- Size
  
  304KB
- MD5
  
  6ad6a861d488c79dac0b5ae68d20e3d4
- SHA1
  
  a01e1b0e4d129143c2f0fcff3377c13ab64e300f
- SHA256
  
  7ed9533ee1b474546613bd4a48378688555f6732139825e1fb08cbf9ed5e9c63
- SHA512
  
  c797aa96dc67dcacd31cf5a03556181a835587324e2e13108d8d9586b862010a0cec10a27795948cea7d9aac22760d21f52f34059dc486a5003d4d92314d4362
- SSDEEP
  
  3072:1vMpELIrZUCYy+qKxi40TC0Ru31pMpq7+V05Zg3yU0Fwj0:tDLINc4TC0g3wpq7+6g3V
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2