smokeloader

General

Target

808a871b69861985dca9acbc00c8a78a22008aa58f741263498e77319ef04e6d
Size

93KB
Sample

240417-qtrlnshf87
MD5

2c10dfc5ad6da5ebe6b9784f368b63b2
SHA1

01361c6687d9acf26b15e0fe1ca125409cb66973
SHA256

808a871b69861985dca9acbc00c8a78a22008aa58f741263498e77319ef04e6d
SHA512

3b2a1a2687c23c3b986aaf10ed52c27f71431f28fbc37e4dd6d78ac042c2c2d73111ec5cf0c203c401480c59eff2c5d9ae799cb7c08c47cb3e2aa45744f2240c
SSDEEP

1536:ARl6EXXTzIQXy8xa8F4FfMAjOql+VxdPAfZ4e+dCsd9TmKZII/V++hhDola4qTUZ:AvxTzID8xaRFfMKOql+VP6FGCgmfI9+f

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

Targets

- Target
  
  336454ac34e8f8e0a87e35d3e140b5507a59fd100211f19c9f52829fb94ebe69.exe
- Size
  
  161KB
- MD5
  
  26372b0b4b307a2d1b7ed4e6039ba23e
- SHA1
  
  423a2290db7b757245efc42327ac9667c0bd91c6
- SHA256
  
  336454ac34e8f8e0a87e35d3e140b5507a59fd100211f19c9f52829fb94ebe69
- SHA512
  
  c0e868d9cfa9c843c12790a3e7a442117952039ebc6c1852b51c6f490d7429d6950fab1666f7d24d69ec90aad4420fa3c3575a12952e4bfdc116e1cd48356ad3
- SSDEEP
  
  1536:YY55gZdDecFo+b3K//ErpPriC8YEJfIHooSi6B35R5W3ScYCcojrECIMckz+rug:hiZUCzKhJfIHBs35npcYCcsECIMckz+
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Downloads MZ/PE file

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2