smokeloader

General

Target

7c8765f7fa6a796d8a406291a6d276fff9b8fb1e5fdc46a68e81c1c98e5a8ba4
Size

270KB
Sample

240328-2hjx8sad8v
MD5

44a62a54b78c00fe7a0499f37345fdec
SHA1

852366939be686c42513b33d221a0b077ea7c92b
SHA256

7c8765f7fa6a796d8a406291a6d276fff9b8fb1e5fdc46a68e81c1c98e5a8ba4
SHA512

5fcc0ce716469de7716fdfca3d9ad5dd5e0f4a80d91c905d8b0ff59fb4dd39dc37b84e135438214e8d883149dd4ab9a8161805d6fd2068e47e6eebc860411136
SSDEEP

3072:1+ReEBL+pZwWcf7lc+VNX2VAX6+tnrqCYU2TXGE3lcVSCGO9fWRS5KQ4:YsEBrDlcitxITXGE3llK9f8QK

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  7c8765f7fa6a796d8a406291a6d276fff9b8fb1e5fdc46a68e81c1c98e5a8ba4
- Size
  
  270KB
- MD5
  
  44a62a54b78c00fe7a0499f37345fdec
- SHA1
  
  852366939be686c42513b33d221a0b077ea7c92b
- SHA256
  
  7c8765f7fa6a796d8a406291a6d276fff9b8fb1e5fdc46a68e81c1c98e5a8ba4
- SHA512
  
  5fcc0ce716469de7716fdfca3d9ad5dd5e0f4a80d91c905d8b0ff59fb4dd39dc37b84e135438214e8d883149dd4ab9a8161805d6fd2068e47e6eebc860411136
- SSDEEP
  
  3072:1+ReEBL+pZwWcf7lc+VNX2VAX6+tnrqCYU2TXGE3lcVSCGO9fWRS5KQ4:YsEBrDlcitxITXGE3llK9f8QK
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2