smokeloader

General

Target

c8d03d195bd3b65995d976cc50eb8d2d
Size

238KB
Sample

240314-rh4yasgc43
MD5

c8d03d195bd3b65995d976cc50eb8d2d
SHA1

8eab594ce3c3fb494a2dc5eae8773c7f62eedc4b
SHA256

c2279d99719d19560f7925cb4e2e5e10ae0b91f3f86a17d65bcca68ee616e4af
SHA512

cff4630d2cc6024571226de42e8f21f98ebe455a6de82c19e25851d6388527d0df861bcb7bc66baed2c0cf6f68566d8159b4e209254c3ff99258b8fa13d966cc
SSDEEP

6144:MCUo3Yiwutwq4uU/fHa4AM5Z36GUfab2BC3:8o3pwut05/1A2ZUA2BC3

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

Targets

- Target
  
  c8d03d195bd3b65995d976cc50eb8d2d
- Size
  
  238KB
- MD5
  
  c8d03d195bd3b65995d976cc50eb8d2d
- SHA1
  
  8eab594ce3c3fb494a2dc5eae8773c7f62eedc4b
- SHA256
  
  c2279d99719d19560f7925cb4e2e5e10ae0b91f3f86a17d65bcca68ee616e4af
- SHA512
  
  cff4630d2cc6024571226de42e8f21f98ebe455a6de82c19e25851d6388527d0df861bcb7bc66baed2c0cf6f68566d8159b4e209254c3ff99258b8fa13d966cc
- SSDEEP
  
  6144:MCUo3Yiwutwq4uU/fHa4AM5Z36GUfab2BC3:8o3pwut05/1A2ZUA2BC3
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2