smokeloader

General

Target

b2ed2f827162ed73c3b0d575ea7c4cb7fd306df2d55ad7807dc5619f9a280cde
Size

172KB
Sample

240417-rrfxtsdc6w
MD5

5f6160c6f21ad3fa42f3772a86e156f0
SHA1

f0f030d624b907afd104c1347cb7eb2cfe2f26f7
SHA256

b2ed2f827162ed73c3b0d575ea7c4cb7fd306df2d55ad7807dc5619f9a280cde
SHA512

689a9681efedfe3e5694725548fefecf0a1402ecc5fd0c2a85ff8b84bfc03b20342ce0277915ee7f565d578c683094ac75933c573cd190e1aa0d596fc7ec4b0c
SSDEEP

3072:wvlUu0CUH+0TgyBO78tJqW3pAFGF6myuVm+cVgp5H1txk+HmMjYnj9eMtLjMrjlt:wNyCUelyzqUpAFGF6mbVLpJ17l8j9B4X

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  792ffcaac46bcdba41b9353711635fea5e59a0e94c6da5a4b863f06aabedb0b0.exe
- Size
  
  287KB
- MD5
  
  231b61bd55c92a2e2a5d4b9f2ceecb21
- SHA1
  
  3e0ca84f78567b8ca141deb40a339102db4ed398
- SHA256
  
  792ffcaac46bcdba41b9353711635fea5e59a0e94c6da5a4b863f06aabedb0b0
- SHA512
  
  4596e3ebbd060559680878736d31ede1453abfc98ebaf459e5f05858455cdcdb9211132e01b8d6e2e44b99ced5b290c96fba7802640a6b827fafa4582c282668
- SSDEEP
  
  3072:pziRfFi3WzI2O7Ek85+CAkg+wLSSkgZJ5ZLwRzzx288JUxaIa2VM:ERfFDJk8Akg+92ZJ588JUxaIh
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2