smokeloader

General

Target

25bc7b4372bd09d3489a97dab7c303b1570b1b659bd691380f0a7667378e8542
Size

276KB
Sample

240418-2dah1agf25
MD5

047caf966f576f668c8b0486c668db8d
SHA1

75114f4e85e8884c36a723b61ed1f8c134eda375
SHA256

25bc7b4372bd09d3489a97dab7c303b1570b1b659bd691380f0a7667378e8542
SHA512

8cf144edfadb11b8b906febddb7d58484e028ba487ceec0ca311d8bd1dc45799cd44c6bb635035ee05581aa18bb490b1d4642f89738d133f519df793084d02f4
SSDEEP

3072:wKLltcY6Kh6VO5zVwMxj7zEvi/ZFHARFjn7T5dmdf1:VLkY60pzVHxHEviTcD7O

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  25bc7b4372bd09d3489a97dab7c303b1570b1b659bd691380f0a7667378e8542
- Size
  
  276KB
- MD5
  
  047caf966f576f668c8b0486c668db8d
- SHA1
  
  75114f4e85e8884c36a723b61ed1f8c134eda375
- SHA256
  
  25bc7b4372bd09d3489a97dab7c303b1570b1b659bd691380f0a7667378e8542
- SHA512
  
  8cf144edfadb11b8b906febddb7d58484e028ba487ceec0ca311d8bd1dc45799cd44c6bb635035ee05581aa18bb490b1d4642f89738d133f519df793084d02f4
- SSDEEP
  
  3072:wKLltcY6Kh6VO5zVwMxj7zEvi/ZFHARFjn7T5dmdf1:VLkY60pzVHxHEviTcD7O
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2