smokeloader

General

Target

53a03500ec6e028dba1f0fa320d40b42.exe
Size

223KB
Sample

240111-y9fhcagadl
MD5

53a03500ec6e028dba1f0fa320d40b42
SHA1

58f63c062b4c99b18bcd2d624ec9bf5a3258db38
SHA256

96a1db9bd739ffcc097a408fee67929b677a74f889876ab90bc8643e555e8e98
SHA512

9abcf58239e3b8dc7b713bdff167095ff38a80622f71d5935886a3b84918eb67dfad7c56dcabb58a6bac3b6e34d3943565cc7b1be3da0373ea264ba1070eaa99
SSDEEP

3072:PfNlX6vtMC558/unZNM8C8D1USUCl5+w7YWnWnCNeoBGZNNb:rTCw/uwFaSOWbWWCIwGZN

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Targets

- Target
  
  53a03500ec6e028dba1f0fa320d40b42.exe
- Size
  
  223KB
- MD5
  
  53a03500ec6e028dba1f0fa320d40b42
- SHA1
  
  58f63c062b4c99b18bcd2d624ec9bf5a3258db38
- SHA256
  
  96a1db9bd739ffcc097a408fee67929b677a74f889876ab90bc8643e555e8e98
- SHA512
  
  9abcf58239e3b8dc7b713bdff167095ff38a80622f71d5935886a3b84918eb67dfad7c56dcabb58a6bac3b6e34d3943565cc7b1be3da0373ea264ba1070eaa99
- SSDEEP
  
  3072:PfNlX6vtMC558/unZNM8C8D1USUCl5+w7YWnWnCNeoBGZNNb:rTCw/uwFaSOWbWWCIwGZN
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2