smokeloader

General

Target

c0af53c0f0eeeaefb59c09039328997abdee0707c1d87b7754c2aebc71f037ca
Size

162KB
Sample

240417-qfjc5sad2v
MD5

7e730aefe8a7581d10b6d63a1ee47787
SHA1

d8a8f6b3bea90f612b384af64875f2af12cdd826
SHA256

c0af53c0f0eeeaefb59c09039328997abdee0707c1d87b7754c2aebc71f037ca
SHA512

c216b58d38bfc7d0f38fa9ec4e7986e1af83b54260da546d1873fe7862a08505d78e0d1d0f8113f68ef6030bbdff24ba5f9d8282f47bd15ecd5a9d2e3489cbcb
SSDEEP

3072:A5+eM7d4FyerJ7+FwSn+CgnwQcpbLxTT1tie7JXO1G255DSlsjJ82Eulh:Y+eEkye97ybnewQYF1Qe7J+1G2PkIXEk

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  53a3ddba0b75161ce2d48cfe94f0b45371f879edcbf45756da50f729b664888c.exe
- Size
  
  316KB
- MD5
  
  53801a0bcd9199d21c20df467beee881
- SHA1
  
  1c0b7ebe21c9abac3416ed32b1238c8607090f4d
- SHA256
  
  53a3ddba0b75161ce2d48cfe94f0b45371f879edcbf45756da50f729b664888c
- SHA512
  
  e1a33b9d0c075e14589bf1753b711fac586a353ea798c9236d21d7c3cbb1e4de23343a123a1fcf903153f955d1b8b2a6614c6803ee23946914c741889b8ba1b4
- SSDEEP
  
  3072:z0iD5S2RZihP2+ccK+EXWkDo/jXnKw3MrMhLv1tmoL7XMwY1olXM4Q6d:FHON2ZW9n3M6vN7ZYi
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2