smokeloader

General

Target

55a596574d5ebbe54127f4318e03699724fb5bae033cd09d8ce7abc633fdeb4f
Size

266KB
Sample

240329-z85araaa6t
MD5

3514fe1108fa6af760fd1094b297c575
SHA1

9a16d751f575c5ec39997794511780f4ec5bae4c
SHA256

55a596574d5ebbe54127f4318e03699724fb5bae033cd09d8ce7abc633fdeb4f
SHA512

cfbfec4ee590e331053914c8ba313a3724de34ad0e95344fc95531ffccd43122fda54235802e7868c51cd095d2cc425673e9753a585bc9b93356f2da3f7aaed7
SSDEEP

3072:4IMqc2L18N+mDFq/6V+aDkaTepfSDIYSF77xrvc8yKahkakr7MhN9R8VzJhu1Tao:4IBNL1qoodk1pwI5rjyNbN9R8VzJsTT

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  55a596574d5ebbe54127f4318e03699724fb5bae033cd09d8ce7abc633fdeb4f
- Size
  
  266KB
- MD5
  
  3514fe1108fa6af760fd1094b297c575
- SHA1
  
  9a16d751f575c5ec39997794511780f4ec5bae4c
- SHA256
  
  55a596574d5ebbe54127f4318e03699724fb5bae033cd09d8ce7abc633fdeb4f
- SHA512
  
  cfbfec4ee590e331053914c8ba313a3724de34ad0e95344fc95531ffccd43122fda54235802e7868c51cd095d2cc425673e9753a585bc9b93356f2da3f7aaed7
- SSDEEP
  
  3072:4IMqc2L18N+mDFq/6V+aDkaTepfSDIYSF77xrvc8yKahkakr7MhN9R8VzJhu1Tao:4IBNL1qoodk1pwI5rjyNbN9R8VzJsTT
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2