smokeloader

General

Target

38b43b51850aa9ed13c48c8abf94aaa9278c9e1b2eff4d0f5f22a85d7bc87e5f
Size

145KB
Sample

240417-qz9pfaab27
MD5

a1c42807e1fcf6a41664ff9bc1737ca2
SHA1

b7ccb1e9c274ca8d392952b337fac8f7308e52c5
SHA256

38b43b51850aa9ed13c48c8abf94aaa9278c9e1b2eff4d0f5f22a85d7bc87e5f
SHA512

99ce1c1daffea48e6eebe7857988ec6566791629a70984e97aaf9b5d60940124e7dead36239586f78dc8af672a66ce68b7555fda58212ba12d31d78f6d0b4898
SSDEEP

3072:lUjujjt1UoF7lHLAtepacvKiCRzZvc9VsjdkVy0v:zHD7RMtep9SxRdwK50v

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  430be53678e8616b604b7210d16dd57f1561aa9cebb32ac451247387a53aa919.exe
- Size
  
  261KB
- MD5
  
  340a95a1d7cbc1298171aebaaa6638a9
- SHA1
  
  b1499d545dc7838274f46dba1233fe9fb3f84e2c
- SHA256
  
  430be53678e8616b604b7210d16dd57f1561aa9cebb32ac451247387a53aa919
- SHA512
  
  6fc4d2a5d1832790342a3244f5065688e1bea4136c91b0fe86f65bb4a7a3235b0f6c1fcf94087a09c82a96afabd1d74ef1d84d08b41ed1ab661e3b52ca5e60a3
- SSDEEP
  
  3072:ULb4PKxxB5OhFv+YBiLDLljSxMqbWTQk1B3A5hMpCIKxKNK7EdevdTk3:Uqw5evmfluxMp71B3emds8evdT
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2