smokeloader

General

Target

7b179ec9d15d28ed2d23964eb1eae06658e78e067289bd70603b9790ad8e2eb5
Size

272KB
Sample

240404-2mhwqscc61
MD5

b99c23c094a5a50db191c38fc6bf6add
SHA1

9d75623636157e38f657bbf0e54639443f027bb2
SHA256

7b179ec9d15d28ed2d23964eb1eae06658e78e067289bd70603b9790ad8e2eb5
SHA512

d0f35c20df9b2a5ce6a307811188877e5f837f185df941a959fac7f66a0a24094e9ff495fdc122aba076fa578bb181701b2906e544d6a085b413e78fe5a907f4
SSDEEP

3072:+/m/9oiaesf+hTUX+q5P0e+Jhsdk5XjU2NwlvbwvayDqTn1y:+/4ZXsfox8qhs+pgXlMSyDqT

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  7b179ec9d15d28ed2d23964eb1eae06658e78e067289bd70603b9790ad8e2eb5
- Size
  
  272KB
- MD5
  
  b99c23c094a5a50db191c38fc6bf6add
- SHA1
  
  9d75623636157e38f657bbf0e54639443f027bb2
- SHA256
  
  7b179ec9d15d28ed2d23964eb1eae06658e78e067289bd70603b9790ad8e2eb5
- SHA512
  
  d0f35c20df9b2a5ce6a307811188877e5f837f185df941a959fac7f66a0a24094e9ff495fdc122aba076fa578bb181701b2906e544d6a085b413e78fe5a907f4
- SSDEEP
  
  3072:+/m/9oiaesf+hTUX+q5P0e+Jhsdk5XjU2NwlvbwvayDqTn1y:+/4ZXsfox8qhs+pgXlMSyDqT
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2