smokeloader

General

Target

5aa57140556a8d45b43002aba104b932
Size

320KB
Sample

240114-jcjq6sfcc6
MD5

5aa57140556a8d45b43002aba104b932
SHA1

904a27de1568eeaf8d97d686cfbacd26a2157f61
SHA256

547e6e67e28b7f1076fb07e22f27692922cc0c5ca5413fe9a46282049edecfd1
SHA512

79ceb5529a3c2b724446a69db66938fefc031e63d9daacea233fdac43d138b90bbc431ac62ae48eebfb6671e0d6f3d118c9a4a673540e471e11e78c0a9ef6545
SSDEEP

3072:GXNRgaB5c6KTy2kLOR1+o0W152aDIUwmwyUvwqVsPHTw:oB2tm2kLwoo0WOaDIUwZyF3fE

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://vot552.com/upload/

http://offce221.com/upload/

http://lavanda.best/upload/

http://kinolive.best/upload/

rc4.i32

Targets

- Target
  
  5aa57140556a8d45b43002aba104b932
- Size
  
  320KB
- MD5
  
  5aa57140556a8d45b43002aba104b932
- SHA1
  
  904a27de1568eeaf8d97d686cfbacd26a2157f61
- SHA256
  
  547e6e67e28b7f1076fb07e22f27692922cc0c5ca5413fe9a46282049edecfd1
- SHA512
  
  79ceb5529a3c2b724446a69db66938fefc031e63d9daacea233fdac43d138b90bbc431ac62ae48eebfb6671e0d6f3d118c9a4a673540e471e11e78c0a9ef6545
- SSDEEP
  
  3072:GXNRgaB5c6KTy2kLOR1+o0W152aDIUwmwyUvwqVsPHTw:oB2tm2kLwoo0WOaDIUwZyF3fE
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2