smokeloader

General

Target

01561de2a4fccf06f1c26ba2191f0a126db7303f031d549ea2582858c2ca89ee
Size

208KB
Sample

240315-baytbace7s
MD5

ff18fca31ddd5c89aa029712641c40f1
SHA1

45d725299987de2a3f6d9fd304736f1e455a4571
SHA256

01561de2a4fccf06f1c26ba2191f0a126db7303f031d549ea2582858c2ca89ee
SHA512

23f80f086b1979c32fc324e93cd9c3669d26f5e5cd7d27ebe8a793d1f3d37da369aca0d411d8b4fbe759008e239a371c8b84fb29b1e44b525c72320de2f4f772
SSDEEP

3072:NPXv053azBJwiu1h48CFX6HS2Sy4Z1LbeMDpf9:N3w3adJW1hXAUS2S1iMd

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  01561de2a4fccf06f1c26ba2191f0a126db7303f031d549ea2582858c2ca89ee
- Size
  
  208KB
- MD5
  
  ff18fca31ddd5c89aa029712641c40f1
- SHA1
  
  45d725299987de2a3f6d9fd304736f1e455a4571
- SHA256
  
  01561de2a4fccf06f1c26ba2191f0a126db7303f031d549ea2582858c2ca89ee
- SHA512
  
  23f80f086b1979c32fc324e93cd9c3669d26f5e5cd7d27ebe8a793d1f3d37da369aca0d411d8b4fbe759008e239a371c8b84fb29b1e44b525c72320de2f4f772
- SSDEEP
  
  3072:NPXv053azBJwiu1h48CFX6HS2Sy4Z1LbeMDpf9:N3w3adJW1hXAUS2S1iMd
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2