smokeloader

General

Target

1d846fa8a54b03a47393c4ef78b8e33771969d81b11b8f93cf08475217d77d6f
Size

150KB
Sample

240417-p9scgahh5z
MD5

f1991dbb14be393bf851c72e88ed024d
SHA1

4ce48e725ba97218ed1afbbc906871f08125cb1c
SHA256

1d846fa8a54b03a47393c4ef78b8e33771969d81b11b8f93cf08475217d77d6f
SHA512

e02a4cd990b505a539b09bf95ce41607a9b797ee8abbb6704d9f4cb84f939a18bbfe08a8b0dbba92ed49e2a3c429fcc6e0ebd9366fb1e2610941e706a88bed60
SSDEEP

3072:UcwTtTm178EwT8o58Ltwr4u5rLFsssONjsqtSOwdiAtK2C:UcQhfT8o58LtXsLFbeqlwYl

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  b6c6e0ed6e5aa62baec8de42d2d8fee52df072c6a2b33530fbf8bc73d36309a9.exe
- Size
  
  269KB
- MD5
  
  b6698f73dd3bce2646f76c9589256455
- SHA1
  
  20f6bdd05ca92a1499fa6c0dab9954135bd2f194
- SHA256
  
  b6c6e0ed6e5aa62baec8de42d2d8fee52df072c6a2b33530fbf8bc73d36309a9
- SHA512
  
  0c4b6e7c103959576ebcc2a6e676a085a1d272d9bcb1de00b161644b7c0922cd1eb89b82e92b8ef32e35bdb21780c51bba5659ddaaf60968d1d3750d9618751c
- SSDEEP
  
  3072:5ArJBwHDu5z0XOs/AzR++VNX2VQXHtYOl07BBI60JOERR5vK7/TB2+xxdnPwZl4:kJBwPOs/mR+SNs7BJ0JOEDabhPdoZ
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2