smokeloader

General

Target

83d778bb7fe77429be350a7b1e914eb56c6415c586ea98867ca8700b9f9f393b
Size

145KB
Sample

240417-qfgvbagg84
MD5

fd25ab81abbca119c630a95347877146
SHA1

56cc8657457f3cc163d3fdd6e756d47ac8438ed6
SHA256

83d778bb7fe77429be350a7b1e914eb56c6415c586ea98867ca8700b9f9f393b
SHA512

b79b847299342c1cd8854caa66bf480da1f0e3b71a60afa0c07288421ee4695aa3ce767a33ba6b9399f3406be88489ead4543e6fbd7f9838f972ffc0853bca09
SSDEEP

3072:mDN2ZiI9fjJRgSpvP3Y27YI9BiPbCoQE6Xlu6zhSejw0QW7ZJTiM:6AiI9fFRg2YcYw0PbC46XluDuJTR

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  430be53678e8616b604b7210d16dd57f1561aa9cebb32ac451247387a53aa919.exe
- Size
  
  261KB
- MD5
  
  340a95a1d7cbc1298171aebaaa6638a9
- SHA1
  
  b1499d545dc7838274f46dba1233fe9fb3f84e2c
- SHA256
  
  430be53678e8616b604b7210d16dd57f1561aa9cebb32ac451247387a53aa919
- SHA512
  
  6fc4d2a5d1832790342a3244f5065688e1bea4136c91b0fe86f65bb4a7a3235b0f6c1fcf94087a09c82a96afabd1d74ef1d84d08b41ed1ab661e3b52ca5e60a3
- SSDEEP
  
  3072:ULb4PKxxB5OhFv+YBiLDLljSxMqbWTQk1B3A5hMpCIKxKNK7EdevdTk3:Uqw5evmfluxMp71B3emds8evdT
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2