smokeloader

General

Target

898a57544bdfbaac62372f1b7bc63610750c0f377c66c372e34909e6c5f474c5
Size

179KB
Sample

240308-xa1tkadh54
MD5

894baeb7be85c01940e2043eacd82c7a
SHA1

aff64515061e22951ac3a917dfd4c7a66443d9fb
SHA256

898a57544bdfbaac62372f1b7bc63610750c0f377c66c372e34909e6c5f474c5
SHA512

15e2093d7082f2a3a2e0175a87061ebea924b8a7b511836bbd8b4f9a2aa11b80b420016d0b9f388724f755e4751f70db5bd77138710f4e8d1764bc569be62c7b
SSDEEP

3072:y/yBN6fEr6ADs9r7xOsj139boI2WIkP4eXUkyKc0AFOAL6uQX:yuJ+ADIr7Asjl9b1f4eVyKUFOAL

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://wirtshauspost.at/tmp/

http://msktk.ru/tmp/

http://soetegem.com/tmp/

http://gromograd.ru/tmp/

http://talesofpirates.net/tmp/

rc4.i32

Targets

- Target
  
  898a57544bdfbaac62372f1b7bc63610750c0f377c66c372e34909e6c5f474c5
- Size
  
  179KB
- MD5
  
  894baeb7be85c01940e2043eacd82c7a
- SHA1
  
  aff64515061e22951ac3a917dfd4c7a66443d9fb
- SHA256
  
  898a57544bdfbaac62372f1b7bc63610750c0f377c66c372e34909e6c5f474c5
- SHA512
  
  15e2093d7082f2a3a2e0175a87061ebea924b8a7b511836bbd8b4f9a2aa11b80b420016d0b9f388724f755e4751f70db5bd77138710f4e8d1764bc569be62c7b
- SSDEEP
  
  3072:y/yBN6fEr6ADs9r7xOsj139boI2WIkP4eXUkyKc0AFOAL6uQX:yuJ+ADIr7Asjl9b1f4eVyKUFOAL
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2