smokeloader

General

Target

b2ddd9d4bc8fa6654e22dfffa7b50a1dc18ad82b8201e9af678f7738619c024c
Size

145KB
Sample

240417-qnbm9sag91
MD5

3d997abd88eeeba596fd1a1cb389b7a1
SHA1

d6862205b0995aef31c2025d0ca5d452e23113fc
SHA256

b2ddd9d4bc8fa6654e22dfffa7b50a1dc18ad82b8201e9af678f7738619c024c
SHA512

2776651cae2ce9ebb7bacd82f66f681c987bdd1f0e91afcfae972b6013fbc6631ec15d77122acf14535266ec6377ec4d02a019feee131bc10a301ac12d952e1c
SSDEEP

3072:LrAJLqgXG7avjelsxMtFKTMNBJYSvM8MpBtmuKu/nJQ:AJvWEelxtJNrYSvM8IdDe

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  430be53678e8616b604b7210d16dd57f1561aa9cebb32ac451247387a53aa919.exe
- Size
  
  261KB
- MD5
  
  340a95a1d7cbc1298171aebaaa6638a9
- SHA1
  
  b1499d545dc7838274f46dba1233fe9fb3f84e2c
- SHA256
  
  430be53678e8616b604b7210d16dd57f1561aa9cebb32ac451247387a53aa919
- SHA512
  
  6fc4d2a5d1832790342a3244f5065688e1bea4136c91b0fe86f65bb4a7a3235b0f6c1fcf94087a09c82a96afabd1d74ef1d84d08b41ed1ab661e3b52ca5e60a3
- SSDEEP
  
  3072:ULb4PKxxB5OhFv+YBiLDLljSxMqbWTQk1B3A5hMpCIKxKNK7EdevdTk3:Uqw5evmfluxMp71B3emds8evdT
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2