smokeloader

General

Target

172760ea904bff580daff9d791580baa522095a5c422a0e641e402a7c27af859
Size

171KB
Sample

240417-rxyptsdf9z
MD5

c6ee2a8795d395150f8b1870fb448088
SHA1

c5046894f881fe5f4f74e50ec55e6be5fcba668a
SHA256

172760ea904bff580daff9d791580baa522095a5c422a0e641e402a7c27af859
SHA512

38eeabb60e894464164b8f64e80eaccd5a3ed4c963ca57ce0e5c42bf6c9ff3e361a2fbeadcc4cf20961654970747f53053034526850ddcb57647b924475df0fe
SSDEEP

3072:jTg4FIvXzMxA+Vb4NCH0HFHXUg6dxtbDSToO+T2L9Mwo2QQ9H1qJFkfkjQyXy40:jU4FIQxNas0HFHXUVz1qEsq2t9HcJFkv

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://sjyey.com/tmp/index.php

http://babonwo.ru/tmp/index.php

http://mth.com.ua/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

Targets

- Target
  
  8e805694075e2a0ed78cdddde1890a93d056b501ed37a6815181923ae9ed1f69.exe
- Size
  
  291KB
- MD5
  
  5b9a879ce94a34a4934845b684375525
- SHA1
  
  23184a3e3f87778cddd07b00ed7882b808691e58
- SHA256
  
  8e805694075e2a0ed78cdddde1890a93d056b501ed37a6815181923ae9ed1f69
- SHA512
  
  559235970644f4906024e69991c3bb49e57db3d5c77e22fcb57076a75cbde94c3f7af1ba2c6df1c16637caf5bd927b4d60c9ff10bcae90a1019183c72e891dc9
- SSDEEP
  
  6144:0W8pztQVn2NsRbE+K4iV3Cy61U4eLk1kqc:0BSVn2NE4zVVS/1U4eQe5
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2