smokeloader

General

Target

b128c09685549dc969d5488cfd25aa167f40bfa609b63db902a597a2fb407d7b
Size

151KB
Sample

240417-q6wfdsae92
MD5

93bcb5801740a771d599f2544e631de6
SHA1

87cdb9a8c362ba1d87677097757c6b91b3bd48fa
SHA256

b128c09685549dc969d5488cfd25aa167f40bfa609b63db902a597a2fb407d7b
SHA512

71e6ae210f5563942c9455c3455300717be5bde9195ac95d0081f5018d625f13359cd809b12fa5bf97373c57f78dd0add1ceddb372f36bf9fb120d012f2df079
SSDEEP

3072:NB05TtmZbAEEBmfn/FoFTyb7Bttu2xOS7TW0wMx2sKkfzvuY9EVj9c:z0xtEPn/FUT+7B62lOohfp9Ec

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  4f6b05e7e7c2c51a1cf5569a47a8bf31f8d452359f5a37bcecd36ef3f852c858.exe
- Size
  
  270KB
- MD5
  
  cccb10ceec06dcd07535387e28224db5
- SHA1
  
  9d9e4dccfe75ed49f3b6c89f446654d4d91f63c7
- SHA256
  
  4f6b05e7e7c2c51a1cf5569a47a8bf31f8d452359f5a37bcecd36ef3f852c858
- SHA512
  
  66a45dcb0401d6f9b93c6795983eaec6721ccd36918a69bae4877b0fd4a06e666b190676d27d32f96a5005a44a6a9e8f37b75e26b49e33d3fb893485ebc61e80
- SSDEEP
  
  3072:s/ZZBAvpmGkYrX15+VNX2VvXa4WNCqyEuHTP5QrTFWpc1nCKPTsyWj3cDe4:oZBar15FDWNpg72rTcpqCKP433cD
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2