smokeloader

General

Target

7b0433328c24afa1d12d7baff5b5a0279bdd6e18af2f2c1e33889d83ac754550
Size

148KB
Sample

240417-rtrgcaca37
MD5

475de799ea6785ac65ffe669049c5dd7
SHA1

4c847c1722366d2d0a7d811dec9d886877a4d025
SHA256

7b0433328c24afa1d12d7baff5b5a0279bdd6e18af2f2c1e33889d83ac754550
SHA512

25a245be071a3e7b8feba73b784535f92b8e34561adbedb9b4974e87bb714070c13eb7a572a3915a97a687090d030a07340674ed0684036d60bf59e7da9137dc
SSDEEP

3072:spWiNPygvgr8a9xL8fNcaaWKTRoKRuzvs8GuHVyIVzA5fb7nK:+BPdvg4QSsRHRuzk8dHVNVsK

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  596deb8b0bd3e5d896621a03864b06cea162044db570726d26272713b9cbf322.exe
- Size
  
  244KB
- MD5
  
  f729ad3d87956df1e6337e209350ef59
- SHA1
  
  8e2a49c64db2dea18fc1fb840515d01cbbe6b110
- SHA256
  
  596deb8b0bd3e5d896621a03864b06cea162044db570726d26272713b9cbf322
- SHA512
  
  1529615ca5cd1dfa91bf9cdd0dd20784f6759cd2ba80be369892b44d61b8c8e74f66f25cb6f12be43bb416bc7b631e2cf5493b656c0cca75780d5ff0407d1829
- SSDEEP
  
  3072:qT5GKwmrrRm2y+s5W7HwfsAfMTykbOF6rxlVZZhUm1hmB:uGKwzawlfMgF6rxlVram1h
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2