smokeloader | 12d3dc8a4fd8a2ebe6a839cce59920156d55e8d06fe2a5c95ad60419086877bb | Triage

Sharing

General

Target

12d3dc8a4fd8a2ebe6a839cce59920156d55e8d06fe2a5c95ad60419086877bb.exe
Size

30KB
Sample

240405-belpjsff5t
MD5

2cdffb841cfd9e2e729de2f02c47f8d1
SHA1

8d4e116bd2cfc57bfbe5f05308020e65f93d592d
SHA256

12d3dc8a4fd8a2ebe6a839cce59920156d55e8d06fe2a5c95ad60419086877bb
SHA512

8d344d0afba0eca49b4541b75c3e39dde3b75c9503bdddaf435b834699010852a0ada54fa2381c64bb31211dd9cf12eec0394c1f30700521ae849e29a4e7b90f
SSDEEP

768:QVKaUWVgbStx+y4+LK2rTMk6vAZ2HtIWVpw5/:QEaP6QxNxTMSYted

Score

10^/10

smokeloader kev backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

kev

Extracted

Family

smokeloader

Version

2022

C2

http://atillapro.com/

https://atillapro.com/

rc4.i32

rc4.i32

Targets

- Target
  
  12d3dc8a4fd8a2ebe6a839cce59920156d55e8d06fe2a5c95ad60419086877bb.exe
- Size
  
  30KB
- MD5
  
  2cdffb841cfd9e2e729de2f02c47f8d1
- SHA1
  
  8d4e116bd2cfc57bfbe5f05308020e65f93d592d
- SHA256
  
  12d3dc8a4fd8a2ebe6a839cce59920156d55e8d06fe2a5c95ad60419086877bb
- SHA512
  
  8d344d0afba0eca49b4541b75c3e39dde3b75c9503bdddaf435b834699010852a0ada54fa2381c64bb31211dd9cf12eec0394c1f30700521ae849e29a4e7b90f
- SSDEEP
  
  768:QVKaUWVgbStx+y4+LK2rTMk6vAZ2HtIWVpw5/:QEaP6QxNxTMSYted
Score

10^/10

smokeloader kev backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

smokeloaderkevbackdoortrojan

behavioral2

smokeloaderkevbackdoortrojan