smokeloader

General

Target

f5ffe4f242acf3a441b4b3e1d93db1ec83e2e3208bb2a4908957071efdb46fcf
Size

146KB
Sample

240417-q1hbksbf9z
MD5

d49c6b60192931e92910bc9ad3799f3b
SHA1

144706778ae6039e03692882d064c8836060990c
SHA256

f5ffe4f242acf3a441b4b3e1d93db1ec83e2e3208bb2a4908957071efdb46fcf
SHA512

4dac848e21b913cd808f1aabe3d344dbbfc432398fef2b550631b647239faa38cf0f9eda008f294e50dfb334fc98b6a6f6847e2554bb7738bad8959862d82d96
SSDEEP

3072:2bbguD7Xzhc0M1+iwMtTl/NV8ST9No3Wy1KAsWX9AZbsxhXFIV88u03:2ASNc0M9wMnlVpPoBKA9AZx88u03

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  2ab7e6e873e7c7b1bde654551484678ea53b4ec4a20a5058a7508fc254e2146d.exe
- Size
  
  289KB
- MD5
  
  d36332be897a501db1745c49e24f54e2
- SHA1
  
  bb840897f9d6cb92ed7e56585f507c8ce5b3410f
- SHA256
  
  2ab7e6e873e7c7b1bde654551484678ea53b4ec4a20a5058a7508fc254e2146d
- SHA512
  
  2f5b7994bd44a412632af073b12592b22f7672cbb77a4671778dad120e6f111f05fb4d4a5d12257fc2d3f4fd3b5925fb6494cb1e21d302c195367116d3b91230
- SSDEEP
  
  3072:y+hYvpQawiypIiIlrePe4hMh1u7LQggGaT9J0irfUoAou9ZxKZZti6LJS7ae:y9Ga/ykhehteZvXcBou8XQ61A
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2