smokeloader

General

Target

6e897d1984d72e2fe849ac5d411bd4c422bad38b977feda612b5296f38671d8b
Size

148KB
Sample

240417-r5kg6scf97
MD5

469ed1ffc6ef8176145dc37831e71054
SHA1

41df861e6fdaf73ab7b8bfc5afb482b719d08bec
SHA256

6e897d1984d72e2fe849ac5d411bd4c422bad38b977feda612b5296f38671d8b
SHA512

8791b65b1feca49c379d5ff0a5a3dbdf8bff2343aabc384171134e3d7b313983963281d90a8e40c0cffd07dd0f2253f2ed1749b2d04fb24a7d260ac2d2ff4518
SSDEEP

3072:kUd4NNmore367WaX9Ed+hq4lzsMvloxGasRAsH7zaGa:kjzmJ67W9YY45veWfda

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://gxutc2c.com/tmp/index.php

http://proekt8.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://pirateking.online/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  006ab1b11bfdbf1e4a5dd2291e6e63d9f16e2896a5a0bec1ef46000307478ad8.exe
- Size
  
  242KB
- MD5
  
  e0606af1cf37281e1407ccc449c3d087
- SHA1
  
  acbd7e2e9e28e512b2b283dbd2e42394cdd7e58f
- SHA256
  
  006ab1b11bfdbf1e4a5dd2291e6e63d9f16e2896a5a0bec1ef46000307478ad8
- SHA512
  
  c6d62cb5510743f9090d489c4b889d5e55198a76d1888a91c90fcb11bb3c28670756d640fc4e25aa2c79b98f055bb5a68c05083025d6b13f8c7f8924afd67f30
- SSDEEP
  
  3072:LYi7ktVPczJaKr9+7bQKcEdv0yEkMnOvpVj0zhp4izwwZmM9fieCOGDdX1ODBlNs:LYi4tN97b+8MORxIp4izw/yieiMd
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2