smokeloader

General

Target

968a57c7356ede352e24d152d317e576c67408172b22bd5e76cff435f4b45ba8
Size

131KB
Sample

240220-tkz38sbf84
MD5

a5ded4c1001aff352387e75f27fb2a1f
SHA1

fb746a9eee8fc138d982edbc5de2401a8b054ac4
SHA256

968a57c7356ede352e24d152d317e576c67408172b22bd5e76cff435f4b45ba8
SHA512

e381d29ab8fc4f929a8a411b72bee6701acc37dd74f3f52a0578c61ef25b37bc3909c8b961d7704125614579069e56b804922d1518d55c13f38d420d4fbc24e7
SSDEEP

3072:aK4VduQocFVJgDzOJE+nzWq1VITQ1ZqMj:aK2uQnFVSDzOTDIMrq

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  968a57c7356ede352e24d152d317e576c67408172b22bd5e76cff435f4b45ba8
- Size
  
  131KB
- MD5
  
  a5ded4c1001aff352387e75f27fb2a1f
- SHA1
  
  fb746a9eee8fc138d982edbc5de2401a8b054ac4
- SHA256
  
  968a57c7356ede352e24d152d317e576c67408172b22bd5e76cff435f4b45ba8
- SHA512
  
  e381d29ab8fc4f929a8a411b72bee6701acc37dd74f3f52a0578c61ef25b37bc3909c8b961d7704125614579069e56b804922d1518d55c13f38d420d4fbc24e7
- SSDEEP
  
  3072:aK4VduQocFVJgDzOJE+nzWq1VITQ1ZqMj:aK2uQnFVSDzOTDIMrq
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2