smokeloader

General

Target

78bb2ca0915620eb137c7ff445d78398cedcdc2c580e2083ec9d34c72274efbd
Size

203KB
Sample

240408-qbfrfshh28
MD5

34074f906eb6be660027d7b0adb735d0
SHA1

77e2fe53dce84c793a669b2f3b8042afa7c9c0fd
SHA256

78bb2ca0915620eb137c7ff445d78398cedcdc2c580e2083ec9d34c72274efbd
SHA512

aa0656f89d086e50216449f556b6955322bf3224073bad6cf0b8b3e5e288d31eb91c3206b03c500c65243e6314e4752debf9778972990acec0a3198e4637d90d
SSDEEP

3072:SAUr0QlOjsW+bvbCdO60ImXF+Gi2YaXi3Y4fUEruemYJ:SAhQlOjsW+bOR0r+Uio4MErlm

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  78bb2ca0915620eb137c7ff445d78398cedcdc2c580e2083ec9d34c72274efbd
- Size
  
  203KB
- MD5
  
  34074f906eb6be660027d7b0adb735d0
- SHA1
  
  77e2fe53dce84c793a669b2f3b8042afa7c9c0fd
- SHA256
  
  78bb2ca0915620eb137c7ff445d78398cedcdc2c580e2083ec9d34c72274efbd
- SHA512
  
  aa0656f89d086e50216449f556b6955322bf3224073bad6cf0b8b3e5e288d31eb91c3206b03c500c65243e6314e4752debf9778972990acec0a3198e4637d90d
- SSDEEP
  
  3072:SAUr0QlOjsW+bvbCdO60ImXF+Gi2YaXi3Y4fUEruemYJ:SAhQlOjsW+bOR0r+Uio4MErlm
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2