smokeloader

General

Target

9e0c7975fccabca7f0219f48df7a42bbdbcbc7b6b6b791738aacbea5829a7dd9
Size

152KB
Sample

240417-rk5mlsch5v
MD5

3d135d1c541d574db9f1e5784cd101a1
SHA1

446dcec39934f7c87d308a4fff798d47c9435fe8
SHA256

9e0c7975fccabca7f0219f48df7a42bbdbcbc7b6b6b791738aacbea5829a7dd9
SHA512

f458431a77db43d195e91d68f64599dae04976aa99f54c7a3267ff65091d4954f8be50b0b7d704f532e7f4dd33aaab15848911d88f5e54ebade5c9a0cec3fc88
SSDEEP

3072:IGaEUwOvsMU5m9QlJOyvrTb2hJ6t+vGLnC9uSHXfR6zOM0nq:IRwGzU0GlkyvrTKo7LnC9uEfLS

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://kamsmad.com/tmp/index.php

http://souzhensil.ru/tmp/index.php

http://teplokub.com.ua/tmp/index.php

rc4.i32

Targets

- Target
  
  65fce57c145f3f982b0b6d7e33f181b5eb922c72c12526be8c18942dd62bdb42.exe
- Size
  
  259KB
- MD5
  
  7b2279ba77e21c9397c39f0e44d3b6aa
- SHA1
  
  cf26804c74b1b4f569a484afed21418ca7c7b2d4
- SHA256
  
  65fce57c145f3f982b0b6d7e33f181b5eb922c72c12526be8c18942dd62bdb42
- SHA512
  
  16a251ac22420ed66883d973696a7b10b55108f7cb7393fac5c901c2802d798ead9ea5f7c7673d6d20834eb67e1dff225ac9d568b2be06c83d18041bdd378032
- SSDEEP
  
  3072:lfXIlpfiFAx9zO5hB0TmvCtA3NKeUL9e0mWYgx/pV6XfWg55FLT+yx:lxFALYhuT84A9JURe3gVaOwFLT
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2