smokeloader

General

Target

b8f9fe4f2a6afc881cdd986b661c2874f76d8a2b8c34a83b5360da74c5755389
Size

93KB
Sample

240417-qlzbjshb85
MD5

15adbd16289d90ba076a50823f8b0938
SHA1

68ebe05198303d590a90050a06d4c0d97eec5350
SHA256

b8f9fe4f2a6afc881cdd986b661c2874f76d8a2b8c34a83b5360da74c5755389
SHA512

20f262e1f3593e9d1c97249da0c67ca9326ebd15b8dd74ceeb81f9ef0d6a0940ca4f9fba6996cfe83e9b7b59b962acf9d99b43b9dbf7518270a321a7393f5e38
SSDEEP

1536:bnUVCH+5xroqe9XNZaatZfOZufMCp4FYCTLvg94d2riYF9dHQnSmXr2aoC:bn2oEloPXNga3O4BIYMM6Yr1fmXr2HC

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

tfd5

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

Targets

- Target
  
  e2ee33a7a4d96b608f35b98c659f1e65642f4036353140ac2fd0ff5152eb4964.exe
- Size
  
  161KB
- MD5
  
  6d06917a4f1ce19595f45d652cc3f5f1
- SHA1
  
  f12921fead53f540793ae3ceec9ddd9d2cbf576b
- SHA256
  
  e2ee33a7a4d96b608f35b98c659f1e65642f4036353140ac2fd0ff5152eb4964
- SHA512
  
  ea79f414aadc75c78e0de7956909ccc5a95b350aeb72846c6df6869a0249ed763f839b56ebc86f8087b56dbe3ef5943a45e8e37e273319816f1f6ca3611fba31
- SSDEEP
  
  3072:diZUCzlE+mKEYsBqbVj0Mx96KuuW58v7gyCXLO2Vf:d6UCz3SWVP96KM5CIO2F
Score

10^/10

smokeloader tfd5 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2