smokeloader

General

Target

4d20280f94747f0e8f94470de5d2db50af87147bac107a060ba9d1d28edd154f
Size

92KB
Sample

240417-q1aazaab28
MD5

d8f87ec3fa85395f0f06afbc6739b9c3
SHA1

346e7721564023871922a36d5cc0cee909172086
SHA256

4d20280f94747f0e8f94470de5d2db50af87147bac107a060ba9d1d28edd154f
SHA512

3f5f01620afbf9d53692c009410983dd58d4d944baebd11a04ee6219dd3d017bb47bb58ba489f24d4990a1bdd557c76e54dfe80bffe9c1e475be2b0c2e77c331
SSDEEP

1536:MFnTBE4dzR6ff8Cwxsq8MOQ2WlE/zu0Xr8rpo37XR9XN+T27m4dhl4odSXMFJyqd:MdTBEdffyFzOQjErbXorYD9+T2zl42r7

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://kamsmad.com/tmp/index.php

http://souzhensil.ru/tmp/index.php

http://teplokub.com.ua/tmp/index.php

rc4.i32

Targets

- Target
  
  be5ce235a69b87bbd080436bb83c7a502a53a0f18b2e1e158f6ae027a98abe8c.exe
- Size
  
  160KB
- MD5
  
  d24cdda4c1678e1e64c023e43cde4279
- SHA1
  
  2a214b9a9ea66ea0ce3de80405cb5fa65ce6542f
- SHA256
  
  be5ce235a69b87bbd080436bb83c7a502a53a0f18b2e1e158f6ae027a98abe8c
- SHA512
  
  10e1581c6ba656d205a102c463d12cd321b537c0c7e3e1dc934e2f1ff8322c0a3c6b1f3e463c9dbea7024fd220037708226086277ab6a7174b842c638a17dca3
- SSDEEP
  
  1536:zUiZ5gZyjech8y/nK/bobGPflvJRhPqaFzWEd3HRruQi0pSTHPvr4PvGFGEqbamZ:tiZpyDMxTPqO1tPqHP5FGVamA1P
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2