smokeloader

General

Target

3bab661fa7d63620dd64ccf9c9dc2bab00b2ce91ac39fe2aa8e6591db0a0a48f
Size

150KB
Sample

240417-qz6yjsaa99
MD5

b25e3f057751465629537e55a4c39bd9
SHA1

b4c83a548a787aa3627e8c9f82462246a49b1356
SHA256

3bab661fa7d63620dd64ccf9c9dc2bab00b2ce91ac39fe2aa8e6591db0a0a48f
SHA512

246b518749b864f46810e3887678f5417e499f5d76e8091367c5bc9aa56dea134cfaf63fd2338639dce4c16e51e92eb5b3002add7f2817e969ce214f6f9567dd
SSDEEP

3072:KwKJ73kJ6zAAFBeixeWrflt4x3bniSOKxITfP2ebhRC:KwDkMAFBRxNZtICKxIjuebhc

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  719d2a9cca051c4489b4374f74efb0e8dad90b6eb8eef353ea500252bbc50305.exe
- Size
  
  235KB
- MD5
  
  0c7550f273a318b218475c0f47b62dff
- SHA1
  
  053abf8c97c4874f16eb191cf21f087708491c93
- SHA256
  
  719d2a9cca051c4489b4374f74efb0e8dad90b6eb8eef353ea500252bbc50305
- SHA512
  
  2665ee2af540f05856bbe76b91fe4cd953ceca4f3cc3bfe863d1e0e771c589fbd1f228cea45f0c1af4de1b920974926f0e2c9e432bd6f3d723feaa5b3a26b077
- SSDEEP
  
  3072:yN8RBEl4d6Q4MCPfQ+qTE0O0cQhnjdc94OHwhj6Kxo51Xd278s:6lFMUm40Mknhc9z2jKXd27
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2