smokeloader

General

Target

efa6f1c6e03d8d432a88649a1622d5ae1f58209e77a8dc459d0f7246d69f3651
Size

150KB
Sample

240417-qfhfvaad2t
MD5

32b8acb7d28b51df0220ab30756918dc
SHA1

7852df3f181ac3665f69c6215b788892b4237e48
SHA256

efa6f1c6e03d8d432a88649a1622d5ae1f58209e77a8dc459d0f7246d69f3651
SHA512

60063f63f09ecd69a35906a712cd4776201d03f3ba8922e543e5906d84bc0f2e48b50826ead446db807bf79ffb9d808ffa892cdc724f1e531eb1154a8ce3caa1
SSDEEP

3072:uy5mBREhFSOOHxLOAKHhdOKQdTqUreqgENcAhPfgi:uZBMFSOORLOAKDOKM+GTgE9NB

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  b6c6e0ed6e5aa62baec8de42d2d8fee52df072c6a2b33530fbf8bc73d36309a9.exe
- Size
  
  269KB
- MD5
  
  b6698f73dd3bce2646f76c9589256455
- SHA1
  
  20f6bdd05ca92a1499fa6c0dab9954135bd2f194
- SHA256
  
  b6c6e0ed6e5aa62baec8de42d2d8fee52df072c6a2b33530fbf8bc73d36309a9
- SHA512
  
  0c4b6e7c103959576ebcc2a6e676a085a1d272d9bcb1de00b161644b7c0922cd1eb89b82e92b8ef32e35bdb21780c51bba5659ddaaf60968d1d3750d9618751c
- SSDEEP
  
  3072:5ArJBwHDu5z0XOs/AzR++VNX2VQXHtYOl07BBI60JOERR5vK7/TB2+xxdnPwZl4:kJBwPOs/mR+SNs7BJ0JOEDabhPdoZ
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2