smokeloader

General

Target

e81d630913cc59445f4f494958e27dff4656ae722abeb53125b1757cbac36546
Size

148KB
Sample

240417-rmdxnsbe56
MD5

aa9ab4234c8490426de5ce2eef93a023
SHA1

14a8df76765964c6969fe52725d4407e0f3ce34e
SHA256

e81d630913cc59445f4f494958e27dff4656ae722abeb53125b1757cbac36546
SHA512

9a8d65bd5e0d7ed0b875488edfab96c9aec81ced1fcfbe0ff5ff7aef55c5ebe71f3cbcbe5d52609bfdcdb92a90bc6f290df320dd71c1711e113439fc452bc126
SSDEEP

3072:YkimJKUwSNWpIPCccx/iwc8ch3B2SvTk0MfMjwlj1h5jf1J:YgISNXCcc9iwc8Uj7kZf/Zl

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

tfd5

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php

rc4.i32

Targets

- Target
  
  078f586ebb8a22305540fb5982b2521f1b82e4317f286e13bab680fff0a9d164.exe
- Size
  
  232KB
- MD5
  
  6958acc382e71103a0b83d20bbbb37d2
- SHA1
  
  65bf64dfcabf7bc83e47ffc4360cda022d4dab34
- SHA256
  
  078f586ebb8a22305540fb5982b2521f1b82e4317f286e13bab680fff0a9d164
- SHA512
  
  ebfa8b6986630b3502409d38cdff54881e4bce48511c7ba4f027345296c29708112c19ec6c9181c4b0188fa1f5cbe17b3c5d44dc07f33858323c677ef9caaeae
- SSDEEP
  
  3072:FdfbYSFlTBL/A9OYh6++4hY7gfv9yPQxAVUmZAzsqvj1letKv/jbNRKCnrQbW:PbYSFH/AYYh9vERVUmSAQj1la9
Score

10^/10

smokeloader tfd5 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2