smokeloader

General

Target

3d6ebed4e7a6feb123cb81392020de8b1e7ab51c2c2df0061d3786e02eab77bd
Size

146KB
Sample

240417-rtl7made2x
MD5

14ad62fcba4bd22a0ffd73c659399352
SHA1

75a9326dd72b78601ddb8cb99232cb4a3b274cc0
SHA256

3d6ebed4e7a6feb123cb81392020de8b1e7ab51c2c2df0061d3786e02eab77bd
SHA512

45f1c8d6adb9936db8f9f4abf29c2805f6d7e4bf0858eacf5c2a319b0d5edca7329c2b67029c745abb2f034c6285d2edfbbf54b65915929f3ef9c6a40f532214
SSDEEP

3072:Z1SsWXh0d+vGqioCNdQlCwzgblem92XM+IsOD3t9a:Z1SsCIqyiAeLXLdOD3tQ

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  b55b2c5e4231ca2d7a08de7e7716b6eb4d840540fd1509bfe7d225a690bf9d23.exe
- Size
  
  243KB
- MD5
  
  b25c9ca4e49f3d3562868085117bf53e
- SHA1
  
  a66b197bb271053af99694d94c53f08e89526e6a
- SHA256
  
  b55b2c5e4231ca2d7a08de7e7716b6eb4d840540fd1509bfe7d225a690bf9d23
- SHA512
  
  46f710052e58f15d269e85b53fc6154bb78d8315348de795ac91bec93267adff0ad5916f1f849f2e07fde446abca45ba3198c116f438bf5b2b73f6a7f019b336
- SSDEEP
  
  3072:VszpWaPSL2brRWqwcYETKEJkJTstDR/8HXk2z6rxlVZZhUm1hmB:mWaPSLuK19M/8Zz6rxlVram1h
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2