smokeloader

General

Target

c921a189b38264afcce6031fe6a79de2fa33388a22ce262168e2731a6af10017
Size

282KB
Sample

240409-cvbd7afc3z
MD5

f4a283ec9b98d16c0fe65fcc618528a6
SHA1

87327ba85f539d5ce7338d3221b0b9671a90fd2c
SHA256

c921a189b38264afcce6031fe6a79de2fa33388a22ce262168e2731a6af10017
SHA512

98a8e0d79c1263c4145f11b553a77412b13c5bca59461a815b66f8eb509215bf0ca9b30acc2323611dad1ba0340d4daa51138017b2a18eb2eb6c690a9a5ca140
SSDEEP

3072:LmWpBjlFwHkWoDRD8BAjpld0gWkt2WsLNuVcBF2oO:npBjlqHk5DRDEOld0o/V4

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  c921a189b38264afcce6031fe6a79de2fa33388a22ce262168e2731a6af10017
- Size
  
  282KB
- MD5
  
  f4a283ec9b98d16c0fe65fcc618528a6
- SHA1
  
  87327ba85f539d5ce7338d3221b0b9671a90fd2c
- SHA256
  
  c921a189b38264afcce6031fe6a79de2fa33388a22ce262168e2731a6af10017
- SHA512
  
  98a8e0d79c1263c4145f11b553a77412b13c5bca59461a815b66f8eb509215bf0ca9b30acc2323611dad1ba0340d4daa51138017b2a18eb2eb6c690a9a5ca140
- SSDEEP
  
  3072:LmWpBjlFwHkWoDRD8BAjpld0gWkt2WsLNuVcBF2oO:npBjlqHk5DRDEOld0o/V4
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2