smokeloader

General

Target

a36af4f79d438db2f56275b4c588c7595950c2c262f102751c93ec13994082ea
Size

127KB
Sample

240417-rqd2vadb8y
MD5

62bcd94ea4dc20b4a2801ff00daa279a
SHA1

107d18a95b0f9939124fd3d0dc09d18fd2a072f0
SHA256

a36af4f79d438db2f56275b4c588c7595950c2c262f102751c93ec13994082ea
SHA512

830868151ddd7c748b200152d980ee0a5a47b3f711366e76f278687c0fd5887dd82ac2447311fcbe71525092e071fec6d7ca566877fc935a0453416eaf8b6eee
SSDEEP

3072:FDfggg5Ux9CuqpH7m4Cec+aU7RweD3g2uf04g8oDxowJzN:Frggg5Ux9Cz7m4eqwd84g8oFjZ

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  c40fe915433c1a8094a858affe62c6079154c668645f8e17751e7f39ebf4d31b.exe
- Size
  
  211KB
- MD5
  
  28c17350f0da6941f68bbea0eb5af380
- SHA1
  
  42d3ea0b53b6f76b729a9cef45341fae29933d88
- SHA256
  
  c40fe915433c1a8094a858affe62c6079154c668645f8e17751e7f39ebf4d31b
- SHA512
  
  b1bd4d2d1787575b7d5155926aa248203b317f33e13eb237ecb1d33353c3146e6ed67da239f0e96ff98adf8aa7309e6f37f666107176bb6461621d7287fb750f
- SSDEEP
  
  3072:BIVw4zCuQGezasu4/2z6EuQ/yu0ZsBMRpSQDB8mm3CmO:BIm4GudBsukQ5o8NR
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2