smokeloader

General

Target

09b933e499b1ca110284a3f0b35f385a7f8eb660ac1f77ce5079e476364a93ee
Size

148KB
Sample

240417-qfb9tsgg76
MD5

389f1d32a46408b8601d567fcf109190
SHA1

c18900607d98d92bd870343a7c2411c040794b26
SHA256

09b933e499b1ca110284a3f0b35f385a7f8eb660ac1f77ce5079e476364a93ee
SHA512

57909e72f6c338c0ecd3a24d15626fb8b462ab4ed93b3255acd114a576b86eaf925849a453683b6cb0762619632a0481d345caebb9f25f36732225828252a2b8
SSDEEP

3072:ycms9B7x/G5lRc+WA96aCgkzisGltT3AXUvmLNMrZBG/FM:R9B7xKBxkziDAXUHGdM

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  083c9a8679034f65137bce38b2f1db98225a8d1f18dc351ee4d5adfc464fa72b.exe
- Size
  
  267KB
- MD5
  
  8b2f1a0f480177fe032cbf896442a44e
- SHA1
  
  96099aced1b2724dd7fc56f6978802b87aeebaab
- SHA256
  
  083c9a8679034f65137bce38b2f1db98225a8d1f18dc351ee4d5adfc464fa72b
- SHA512
  
  ca454ca2e172f1ec7d1cf22a2c2a3085692c1ff58a3c37e83cfbbc87623702879b9e2d0fe3a17dd609bcfe5ed5daf9181219ec0f0ecacacaf6136fd1b73758be
- SSDEEP
  
  3072:8LZMm58BE5RRc8+HBi1/G66Czp+lbWhXrcrB0F0VC2MZUrTTk3:8KEVc8dH6ColYrcrB0F0k2MZmTT
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2