smokeloader

General

Target

ddc8a0d73129bc0fad22e65c7395d8356e8303835f2c811a4285fb2a4dc4cfa4
Size

147KB
Sample

240417-rt1d9ade41
MD5

ca4c522bb5fd172b299b87031b6b47f0
SHA1

e4802d690b4abf50299a53a275fe311765cefe43
SHA256

ddc8a0d73129bc0fad22e65c7395d8356e8303835f2c811a4285fb2a4dc4cfa4
SHA512

4d1c0af99200b66055bd2975bd42c1ee3d2cce1c79fcfde2f6d96dd351e45be0777f84896592d78282a7cf547f0b2518cdef5aa6ae8d2dbe83b1c62b2df23cd2
SSDEEP

3072:v7yYLY3C34Lg2VEcYBNB0FKq8+nDprLaXfxVJyZ16:vt8C4PVixIKqPnlPcxVJF

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  ff0500a380008b913b550a84c7ddcc17f4a8c07b6778f24e7dc333988b1fe336.exe
- Size
  
  244KB
- MD5
  
  1a1dfe0fb4917f9f6c0585af695ffc45
- SHA1
  
  9cfbb619dc98498f9791cf8b759bd1fca6983243
- SHA256
  
  ff0500a380008b913b550a84c7ddcc17f4a8c07b6778f24e7dc333988b1fe336
- SHA512
  
  0d9d6f4a7f2ea94a4877cf51a35b86141ff9e2ffd855986de097200f1f6bac1fef641275932cd1ea759fc555343ae94d8582cad237b02956758bc2338457e64e
- SSDEEP
  
  3072:/wZm1wLxrRmddvRLByDde2D0IifymfM3Md6kbYZQTdNRunrcSO4Dtl16/AaqP:Am1widpLByDdPD0lBfMfZjrNh
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2