smokeloader

General

Target

a65bee6f6f73c5af491fd231e727a3ee
Size

340KB
Sample

240226-pqpr8sde87
MD5

a65bee6f6f73c5af491fd231e727a3ee
SHA1

d0144e7dd54f049b1fd7bec2ef10565cd5bc4186
SHA256

7eee73530a2d89ddb0d3b0fadb213424ab8552b9f2e5ff6471274ac48496a26c
SHA512

cef5c7d0894239d0cf4bc25654f303294fd1b6b26e6361d802770c3aaed6866e141d0877c3c484c7e6594d644aad40be12ccdabb582286cb5b777788c7d28f06
SSDEEP

6144:vlpwIoz9mwXoYFkxkW0UqxQs963QBaRRsiFDZSA9u68hjLt:XwIopBFkxkhysQ3Q47DN9H

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Targets

- Target
  
  a65bee6f6f73c5af491fd231e727a3ee
- Size
  
  340KB
- MD5
  
  a65bee6f6f73c5af491fd231e727a3ee
- SHA1
  
  d0144e7dd54f049b1fd7bec2ef10565cd5bc4186
- SHA256
  
  7eee73530a2d89ddb0d3b0fadb213424ab8552b9f2e5ff6471274ac48496a26c
- SHA512
  
  cef5c7d0894239d0cf4bc25654f303294fd1b6b26e6361d802770c3aaed6866e141d0877c3c484c7e6594d644aad40be12ccdabb582286cb5b777788c7d28f06
- SSDEEP
  
  6144:vlpwIoz9mwXoYFkxkW0UqxQs963QBaRRsiFDZSA9u68hjLt:XwIopBFkxkhysQ3Q47DN9H
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2