smokeloader

General

Target

9ca6c5537defdc27fa4198c970e11d81
Size

250KB
Sample

240215-cc6glsef95
MD5

9ca6c5537defdc27fa4198c970e11d81
SHA1

ccd8a8c7f34c0cd0d82e9f09003ff3df00ed6596
SHA256

35a543ee4c579f2d2df9fbb67e3c877949a5f3838437e4ebb621ad03a69d7788
SHA512

4e9b4f8369f4f8463fc93e418139d5ca30ee3425c3a9f479feb74c5edea5451e56ad48b53cf214e5e6ead8cb839248f9c6b1c701e0ff1dd5f6b87d226da12779
SSDEEP

3072:lzYFLvjONHfwa6CPeDpmMK5lR/z/L1jEfPFi+XBHj8dZPOwNVXjzoZ8V:o4VIirjLK1RUZrNVfs8V

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Targets

- Target
  
  9ca6c5537defdc27fa4198c970e11d81
- Size
  
  250KB
- MD5
  
  9ca6c5537defdc27fa4198c970e11d81
- SHA1
  
  ccd8a8c7f34c0cd0d82e9f09003ff3df00ed6596
- SHA256
  
  35a543ee4c579f2d2df9fbb67e3c877949a5f3838437e4ebb621ad03a69d7788
- SHA512
  
  4e9b4f8369f4f8463fc93e418139d5ca30ee3425c3a9f479feb74c5edea5451e56ad48b53cf214e5e6ead8cb839248f9c6b1c701e0ff1dd5f6b87d226da12779
- SSDEEP
  
  3072:lzYFLvjONHfwa6CPeDpmMK5lR/z/L1jEfPFi+XBHj8dZPOwNVXjzoZ8V:o4VIirjLK1RUZrNVfs8V
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2