smokeloader

General

Target

5730a326fc4a3b2c38b714a95fe572fbee8ec417943b9b29237ed7263a81ab1d
Size

291KB
Sample

240405-kwgllafh5s
MD5

8553140fd3f57f974734f4fbbbf3bf13
SHA1

df3801c77f47c52e1bc0892c6fee3f1608e1d456
SHA256

5730a326fc4a3b2c38b714a95fe572fbee8ec417943b9b29237ed7263a81ab1d
SHA512

716c59d9e95fe7ef7d1b3775215c755f3c57b6a33e01ca225b42cb96706d9417e75d7abd783c3ca90e829f6690fef75da097df5231a8dee431c4a166fb71652b
SSDEEP

6144:rthRY8Ut0LiFQzB3Ve48t+KRs7myEcNPg33q:pYltuj9VeVHyEyW3

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  5730a326fc4a3b2c38b714a95fe572fbee8ec417943b9b29237ed7263a81ab1d
- Size
  
  291KB
- MD5
  
  8553140fd3f57f974734f4fbbbf3bf13
- SHA1
  
  df3801c77f47c52e1bc0892c6fee3f1608e1d456
- SHA256
  
  5730a326fc4a3b2c38b714a95fe572fbee8ec417943b9b29237ed7263a81ab1d
- SHA512
  
  716c59d9e95fe7ef7d1b3775215c755f3c57b6a33e01ca225b42cb96706d9417e75d7abd783c3ca90e829f6690fef75da097df5231a8dee431c4a166fb71652b
- SSDEEP
  
  6144:rthRY8Ut0LiFQzB3Ve48t+KRs7myEcNPg33q:pYltuj9VeVHyEyW3
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2