smokeloader

General

Target

7f9957556f601f52155a40cc9835c10b38778372108d9a70e1e870c70d15863a
Size

92KB
Sample

240417-qyn2caaa45
MD5

fb8a79c570a5448a04baf66397688548
SHA1

c6fb52b1c137c1e6f998ddacf7a4933514c3bd41
SHA256

7f9957556f601f52155a40cc9835c10b38778372108d9a70e1e870c70d15863a
SHA512

c82fc944ee77247acbee2c55530f15ed6739ecde33db5f2141f6252afc1efdba695d024ee19bc208b0489f4cbbc1949aa6c478200a664a7dadf3d5521bade72d
SSDEEP

1536:hMcYOvU+88EYxzM3Hh/I59RFRKXDjR6247XugTUMsupPk3zVPCBsHB++xR5QMrEU:pLhdMlA/QZ0ucUMsO8qiHBXxvo9+

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

Targets

- Target
  
  30845b56fd4b84afa4212a7c5130b4ee2c07924524c357ea21d4b79ef21fd2f5.exe
- Size
  
  136KB
- MD5
  
  1bc8dd1a5e08a1dcaeefb1a03f5c71eb
- SHA1
  
  9fbb0b46be6b7b0d60841f6c4d6940cdd1b4b08e
- SHA256
  
  30845b56fd4b84afa4212a7c5130b4ee2c07924524c357ea21d4b79ef21fd2f5
- SHA512
  
  5e8d3d808445684b08ec6e4b15d1a701c40bc80fb7d878695970a73f06fd318f6a812c7254dd7d61f74c1c36a0a989894dc80234374d9fc914142adcd9f6bc40
- SSDEEP
  
  1536:Y3HKFCXebMDnye3MtblERG2DnWQZWSqaiWz5AAm7FcNLuAfyEDyIEpovc29OhSc4:iHKCXeC3VdZWS5ijAm7FcUMyIrjksE
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Downloads MZ/PE file

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2