smokeloader

General

Target

bfd379f6ba363b58c41ff1728d765812
Size

177KB
Sample

240311-eww4dsbg74
MD5

bfd379f6ba363b58c41ff1728d765812
SHA1

16311f1b176404d3e2d03899230d7b559db65ffa
SHA256

250e01c816e633103e5a34bc7956a0df2cdd061f82408fceb9cb91e2088781f0
SHA512

964527e660f6bc02b5db3f075400e24f434ac849d5cb0de9a5c7413b736cd7d49539978947c5ff087a3739970f72ef52dc6a863df2b9340733dc8124cf0e427a
SSDEEP

3072:6L/mDOxeQPngrH6ioL+nx4n7/W1Rn88a4ROMVpxCZA9:6Lvk6ioSx4n88OROqCi

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

Targets

- Target
  
  bfd379f6ba363b58c41ff1728d765812
- Size
  
  177KB
- MD5
  
  bfd379f6ba363b58c41ff1728d765812
- SHA1
  
  16311f1b176404d3e2d03899230d7b559db65ffa
- SHA256
  
  250e01c816e633103e5a34bc7956a0df2cdd061f82408fceb9cb91e2088781f0
- SHA512
  
  964527e660f6bc02b5db3f075400e24f434ac849d5cb0de9a5c7413b736cd7d49539978947c5ff087a3739970f72ef52dc6a863df2b9340733dc8124cf0e427a
- SSDEEP
  
  3072:6L/mDOxeQPngrH6ioL+nx4n7/W1Rn88a4ROMVpxCZA9:6Lvk6ioSx4n88OROqCi
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2