smokeloader

General

Target

7b60671c.exe
Size

313KB
Sample

240331-ppdnksbh59
MD5

849a173f9eeb87cb0675298e884e3e19
SHA1

059d4c20611f181f6d201898a21b74bbf2cd33f0
SHA256

b7ba148ee92911133697415435ef33d98829b0311a641e479b37e8a0468bad6c
SHA512

ac60c500a7a75697db92ee6f9dc62c278ebc76e53608b424d0aa7b4eff79a4cd19f8dfa867654c79bd8f1c290704926be055bd3713a1e70ac213c3afc6140809
SSDEEP

3072:VLEfWCd21xkD+ywZXh2DZotrdHvyLJW/G5pwqgJdkNNlDH3oBlMT6a:VI3MzkDQLtZ8+G5pTgP80BCT

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  7b60671c.exe
- Size
  
  313KB
- MD5
  
  849a173f9eeb87cb0675298e884e3e19
- SHA1
  
  059d4c20611f181f6d201898a21b74bbf2cd33f0
- SHA256
  
  b7ba148ee92911133697415435ef33d98829b0311a641e479b37e8a0468bad6c
- SHA512
  
  ac60c500a7a75697db92ee6f9dc62c278ebc76e53608b424d0aa7b4eff79a4cd19f8dfa867654c79bd8f1c290704926be055bd3713a1e70ac213c3afc6140809
- SSDEEP
  
  3072:VLEfWCd21xkD+ywZXh2DZotrdHvyLJW/G5pwqgJdkNNlDH3oBlMT6a:VI3MzkDQLtZ8+G5pTgP80BCT
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2