smokeloader

General

Target

ce4cbc7ed196e5720ea2a781fee461f5
Size

328KB
Sample

240316-ry8w7ach9t
MD5

ce4cbc7ed196e5720ea2a781fee461f5
SHA1

c335eae8dc37e34154598d79c0da8516b0adce1b
SHA256

133bde6a22b3c4fecde7d12793a2513220bf4e1374b79efe2be9606543789591
SHA512

8c47513fee6751528ada8bf8bfce981836b5160d5b1e3765dddb4e2d98972d5018ed19c7d22a449999c25d4f475a35509c406ab8b7c58674a8310f1837743398
SSDEEP

6144:hgYGul5R8VFKxLXuYppqkTcvMQyQmHmrld510hdZVSIhzk0KU5:4O5RysLDpZT2Mf5HalcdvhQm5

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2020

C2

http://conceitosseg.com/upload/

http://integrasidata.com/upload/

http://ozentekstil.com/upload/

http://finbelportal.com/upload/

http://telanganadigital.com/upload/

rc4.i32

Targets

- Target
  
  ce4cbc7ed196e5720ea2a781fee461f5
- Size
  
  328KB
- MD5
  
  ce4cbc7ed196e5720ea2a781fee461f5
- SHA1
  
  c335eae8dc37e34154598d79c0da8516b0adce1b
- SHA256
  
  133bde6a22b3c4fecde7d12793a2513220bf4e1374b79efe2be9606543789591
- SHA512
  
  8c47513fee6751528ada8bf8bfce981836b5160d5b1e3765dddb4e2d98972d5018ed19c7d22a449999c25d4f475a35509c406ab8b7c58674a8310f1837743398
- SSDEEP
  
  6144:hgYGul5R8VFKxLXuYppqkTcvMQyQmHmrld510hdZVSIhzk0KU5:4O5RysLDpZT2Mf5HalcdvhQm5
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2