smokeloader

General

Target

f49f0bbf8825d92afd6374c9ef72535908acf210b12d95e896f055be9d7d8d91
Size

163KB
Sample

240417-rm4s4abe82
MD5

048ab0ed5c1c8013e919ce6e0aa65c1c
SHA1

2efc5143642581d0ba32cb9d755f6726f75b85cf
SHA256

f49f0bbf8825d92afd6374c9ef72535908acf210b12d95e896f055be9d7d8d91
SHA512

7365f4f940bdd982ea01463665046c398de379fe561fb028894558c130415fc560ae0e82760924066ee6ad051e92e1697319ed72d323e940f0e733db70577a24
SSDEEP

3072:7gASzXtjewizixwWai2IHN54WhuYuHU44vSqLjEnVTza+rVKQ8AeLtJd:ChVizywWnlt/hu1U446qHEngyVKzAil

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  4ba5c87a94c9929e51c3c8c09b45d8a70fda5e1518691c979b770d64bec3cf4d.exe
- Size
  
  269KB
- MD5
  
  9f034c7e35bd5ac25923a93605d516cf
- SHA1
  
  57f6639214c0585ac2ca94c1fe4ec9dd7c42267d
- SHA256
  
  4ba5c87a94c9929e51c3c8c09b45d8a70fda5e1518691c979b770d64bec3cf4d
- SHA512
  
  523c066a61ae37452d25a59728938ec360b1d49962b4c26f319c8f8afbcad1c8412c973ca48cf25679de3a6844f2854d683512697117e4f25bda954f117ea107
- SSDEEP
  
  3072:LKKN3V681HJ6hLz1elSSUfaZ99u9wHxa+cty1FFxofkKaqUjlg5bAZ8:W69A5ek847+1Zx4kKy+A
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2