smokeloader

General

Target

4a5176af4c9dedd9e984b193761d994bc68a76481ae3975eb0acb30e687e52ee
Size

231KB
Sample

240205-h3a2aaach4
MD5

ff1a6e6863428c2888d990c1afeb477e
SHA1

f15b4c057f1f323c3c9d876f36aa61b315b1dc5a
SHA256

4a5176af4c9dedd9e984b193761d994bc68a76481ae3975eb0acb30e687e52ee
SHA512

e37b9c8fb7b2d02f241d32b12d2863019af1d701ee10dbe11625379d8d240228dd8b60ad57ea5c5895d5e6c802079e4b2460812c2923085f454b00a3a2bc0394
SSDEEP

3072:rGTH9LSPLkeRLOfoeido3uaXY5n12cEb3X3RW91V35sUnX7q8564e3jGLxYx6TVj:M9LqRL4o2/cDErHwN35rMR3jGFY2

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

Targets

- Target
  
  4a5176af4c9dedd9e984b193761d994bc68a76481ae3975eb0acb30e687e52ee
- Size
  
  231KB
- MD5
  
  ff1a6e6863428c2888d990c1afeb477e
- SHA1
  
  f15b4c057f1f323c3c9d876f36aa61b315b1dc5a
- SHA256
  
  4a5176af4c9dedd9e984b193761d994bc68a76481ae3975eb0acb30e687e52ee
- SHA512
  
  e37b9c8fb7b2d02f241d32b12d2863019af1d701ee10dbe11625379d8d240228dd8b60ad57ea5c5895d5e6c802079e4b2460812c2923085f454b00a3a2bc0394
- SSDEEP
  
  3072:rGTH9LSPLkeRLOfoeido3uaXY5n12cEb3X3RW91V35sUnX7q8564e3jGLxYx6TVj:M9LqRL4o2/cDErHwN35rMR3jGFY2
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2