smokeloader

General

Target

e9971c0d4aabc8992cf13d93838b8a023e479747708a3fb0b6130552d80142bb
Size

170KB
Sample

240417-rxv9psdf9x
MD5

793ac3a18d1938c1220b863c476d2d3d
SHA1

9c5be690893ea22bacab5b3eab1df5a677219b16
SHA256

e9971c0d4aabc8992cf13d93838b8a023e479747708a3fb0b6130552d80142bb
SHA512

e0b6f17ac504e3657722baa1a055f75d21c8e4899bee8af11b823823e77a8a0af707f33f0a2880905141c303eb8a627a52f7fa7264c961526e62bbbfc58078fe
SSDEEP

3072:OqDqIMh5iFmKG9SIwZU1XHXMDf0/CTxZQOqqPC6IKqRDqwIxZ:OEdMisKPq1X8DfX/VPCmvZ

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  5e71ef0583d1acd753ddbbedf66eba782e00aeadc9ddc6fb101de518b23a6df8.exe
- Size
  
  291KB
- MD5
  
  b4984a96f357cc94dcc71cd41c584784
- SHA1
  
  031db44cd56aba904c2a86bef810f468e8ed4aae
- SHA256
  
  5e71ef0583d1acd753ddbbedf66eba782e00aeadc9ddc6fb101de518b23a6df8
- SHA512
  
  bec32c34ff69b701a2461d2dcaeb1e86684c609ba60331ce5131f854db9b0e75195daee40afa6f5be02ebb78b07ff59d0e973cbaa956f2c422612c519740b31d
- SSDEEP
  
  6144:hW8pztQVn2NsRW7AWqdXyiR0Ip61U4kUbFppU1kqc:hBSVn2NEW8WqdXBs1U4kcVUe5
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2