smokeloader

General

Target

3db942a351d54b698e9836bb4a6fd9ddd0ae96e90033549f9f12517a25bf3ede
Size

286KB
Sample

240216-eh6exage7x
MD5

b70a1bd49d4133d98946486d4ec6bb36
SHA1

9feed9636e3a411bd1d2a3e80e713fe53376d9c4
SHA256

3db942a351d54b698e9836bb4a6fd9ddd0ae96e90033549f9f12517a25bf3ede
SHA512

880b427c04cd532f7f49f496c5fb1f3a4244757deff6495c2b20d7b19631dd296a9a04ae968d9f3d51f3b022ea4c4d16a57e7c2a215c9a0b053b96dcfb290441
SSDEEP

3072:ufWRCy/dqG9gUvXg+CqJixR0/IJJQ79eh8o8EskJw64QO1N3:uCCy/PJZKWIJJL5j1O1N

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

Targets

- Target
  
  3db942a351d54b698e9836bb4a6fd9ddd0ae96e90033549f9f12517a25bf3ede
- Size
  
  286KB
- MD5
  
  b70a1bd49d4133d98946486d4ec6bb36
- SHA1
  
  9feed9636e3a411bd1d2a3e80e713fe53376d9c4
- SHA256
  
  3db942a351d54b698e9836bb4a6fd9ddd0ae96e90033549f9f12517a25bf3ede
- SHA512
  
  880b427c04cd532f7f49f496c5fb1f3a4244757deff6495c2b20d7b19631dd296a9a04ae968d9f3d51f3b022ea4c4d16a57e7c2a215c9a0b053b96dcfb290441
- SSDEEP
  
  3072:ufWRCy/dqG9gUvXg+CqJixR0/IJJQ79eh8o8EskJw64QO1N3:uCCy/PJZKWIJJL5j1O1N
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2