smokeloader

General

Target

1d2a7370db115257837e0b95477bf14d013eb858e1065a1f9193c37523a3dc33
Size

162KB
Sample

240417-qm95faag9z
MD5

8ac9c350e050894f04a3ed6eeadd4e6e
SHA1

9148bd31efd18f1ba28cbbd2b0ebc9715400ef12
SHA256

1d2a7370db115257837e0b95477bf14d013eb858e1065a1f9193c37523a3dc33
SHA512

7a49ca2e23156d6159990ba0033570972048842210af972b1c5f10f0183912a0eba74e398363c78598fe1db3e7ebb4e1ec056dca2d2eda37d4e3396f9a099489
SSDEEP

3072:TZUSXB72Knq1Rhjs/dRzhmF1jFiGhLilxFGy8ypD0ZNKbYY2e0+SJ97Nzw1aEACB:C6B7Dq1Rhjs/HFmF1jcGhuZsy50ni304

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  53a3ddba0b75161ce2d48cfe94f0b45371f879edcbf45756da50f729b664888c.exe
- Size
  
  316KB
- MD5
  
  53801a0bcd9199d21c20df467beee881
- SHA1
  
  1c0b7ebe21c9abac3416ed32b1238c8607090f4d
- SHA256
  
  53a3ddba0b75161ce2d48cfe94f0b45371f879edcbf45756da50f729b664888c
- SHA512
  
  e1a33b9d0c075e14589bf1753b711fac586a353ea798c9236d21d7c3cbb1e4de23343a123a1fcf903153f955d1b8b2a6614c6803ee23946914c741889b8ba1b4
- SSDEEP
  
  3072:z0iD5S2RZihP2+ccK+EXWkDo/jXnKw3MrMhLv1tmoL7XMwY1olXM4Q6d:FHON2ZW9n3M6vN7ZYi
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2