smokeloader

General

Target

b1b81f4ebeaa91367fb4cf90f83f5f1ea0aef88d0030bddf97619ec56b01102d
Size

144KB
Sample

240417-qzzt8saa94
MD5

120d9c29a4d625fe6f0dd6cb510eacee
SHA1

6a2c10356d7090f844279bab1b8f004b490c508f
SHA256

b1b81f4ebeaa91367fb4cf90f83f5f1ea0aef88d0030bddf97619ec56b01102d
SHA512

af4e2c395205357f3c1a90ff6a0f93030b040cb19fe8d9db7793104f84cf6d3fb45e07ec62cb643cde3608e5a100550f1140a9b1b12b189d57c5ce8313f7852c
SSDEEP

3072:RehUMDu/fsdHgxa9J0zjoY5916sdKIWoHawRvj1hv95GsOCq50vajssC:Qu/0ZJoj1zlWo1Rvj1hv95LM50SzC

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

Targets

- Target
  
  e9839a31cca5038608b57f6e13e75f43aa845a2f892c917a77b3c4f0bcc35c7e.exe
- Size
  
  259KB
- MD5
  
  b05a74505fa03339578dff002ba57c69
- SHA1
  
  b9851e84dbd2c8b2ecccb30452ddccb0496ef974
- SHA256
  
  e9839a31cca5038608b57f6e13e75f43aa845a2f892c917a77b3c4f0bcc35c7e
- SHA512
  
  616337efd4b6a84f0590226b52d8c7398723afe43bb1fc879089a7474b7fd8949e16353bb4ff713da4295dbc4885d5eb34d9483d7441b726592371bb8f285dd3
- SSDEEP
  
  3072:NCEgl6HLc0iImEkhg569+wjkabBB2n2qr4j54wCxe9yFfqdwiB9ez/WnQEbK3Zk:NsUrc06Fue/kZr4j5vwbb0WWnQEbe
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Downloads MZ/PE file

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2