smokeloader

General

Target

4098056d26550d120329a35bd96cfa1d2179673b270a553591e19b829b2b58e5
Size

127KB
Sample

240417-qwt5ksbd8s
MD5

21821a1d99448c58e704c082b188416f
SHA1

bc11a3b5f4a54340138437088a6509b318338868
SHA256

4098056d26550d120329a35bd96cfa1d2179673b270a553591e19b829b2b58e5
SHA512

fb3a6c78c51abac23ac9c50ce1325fd0b7ea7a87eadf45f8edc553a4c91bd4b730f9bf7402110626cf7fead4911fbe5f4be5dcbe4c02db05746cbc5a74e31c17
SSDEEP

3072:8imIGxuigoeF6axO4SYpaa/yLZ+U6Q0nyJisK:8P9uZoeJxO4SYEa/s+U/0nAil

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  c40fe915433c1a8094a858affe62c6079154c668645f8e17751e7f39ebf4d31b.exe
- Size
  
  211KB
- MD5
  
  28c17350f0da6941f68bbea0eb5af380
- SHA1
  
  42d3ea0b53b6f76b729a9cef45341fae29933d88
- SHA256
  
  c40fe915433c1a8094a858affe62c6079154c668645f8e17751e7f39ebf4d31b
- SHA512
  
  b1bd4d2d1787575b7d5155926aa248203b317f33e13eb237ecb1d33353c3146e6ed67da239f0e96ff98adf8aa7309e6f37f666107176bb6461621d7287fb750f
- SSDEEP
  
  3072:BIVw4zCuQGezasu4/2z6EuQ/yu0ZsBMRpSQDB8mm3CmO:BIm4GudBsukQ5o8NR
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2