smokeloader

General

Target

fa248af9181fe1164f9eb2e88b45861e347dbb6ca60ff8a2fd40b3e7bb1a4b52
Size

268KB
Sample

240404-h528jshb7x
MD5

0246c2089c513dd176ac575774839ace
SHA1

28e5beccd02777662bcca7d833abef9b42bd80b9
SHA256

fa248af9181fe1164f9eb2e88b45861e347dbb6ca60ff8a2fd40b3e7bb1a4b52
SHA512

c973508dac2e5ecd2cd7ae1c7c54a83d9f0b5f5667b497206e03b96eea102a32bfd19f828265e842d47c595e7dfe2e5c1c285bb6a385c5fd551b2a7c8c88d338
SSDEEP

3072:r9UvDqVxAN56xdtdaYP4Mush+zEfiXhBtui6as0ttsRc8EhEnRr4nby6dH/Pxn2F:wa8Y5u4AE6LZvsRycUVfPx2nT

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  fa248af9181fe1164f9eb2e88b45861e347dbb6ca60ff8a2fd40b3e7bb1a4b52
- Size
  
  268KB
- MD5
  
  0246c2089c513dd176ac575774839ace
- SHA1
  
  28e5beccd02777662bcca7d833abef9b42bd80b9
- SHA256
  
  fa248af9181fe1164f9eb2e88b45861e347dbb6ca60ff8a2fd40b3e7bb1a4b52
- SHA512
  
  c973508dac2e5ecd2cd7ae1c7c54a83d9f0b5f5667b497206e03b96eea102a32bfd19f828265e842d47c595e7dfe2e5c1c285bb6a385c5fd551b2a7c8c88d338
- SSDEEP
  
  3072:r9UvDqVxAN56xdtdaYP4Mush+zEfiXhBtui6as0ttsRc8EhEnRr4nby6dH/Pxn2F:wa8Y5u4AE6LZvsRycUVfPx2nT
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2