smokeloader

General

Target

a7abbbf02fcd2e38feafd5b6edf2699d3457256a3b635da9a62dd8b6bfbf1535
Size

310KB
Sample

240419-qrm6gade75
MD5

822572786b181ffa47f6c8830e0dfbf0
SHA1

df0d42904e91401156f5726a29eb86f3cbad14d6
SHA256

a7abbbf02fcd2e38feafd5b6edf2699d3457256a3b635da9a62dd8b6bfbf1535
SHA512

e6c979df6dfa31a0eced2bea427c4b1662d2b0ef3da297a8a06292ea0f462ed25ce07cdc388ccbce9cde36ada82c3dcde564ce47c28e38afeb7aebda6ef062bc
SSDEEP

6144:CEYxk/kf7OYoVKpdxzc36p9QhOiWzCqN3O:Cbu/kf7OYocpdxDaOiGNe

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  a7abbbf02fcd2e38feafd5b6edf2699d3457256a3b635da9a62dd8b6bfbf1535
- Size
  
  310KB
- MD5
  
  822572786b181ffa47f6c8830e0dfbf0
- SHA1
  
  df0d42904e91401156f5726a29eb86f3cbad14d6
- SHA256
  
  a7abbbf02fcd2e38feafd5b6edf2699d3457256a3b635da9a62dd8b6bfbf1535
- SHA512
  
  e6c979df6dfa31a0eced2bea427c4b1662d2b0ef3da297a8a06292ea0f462ed25ce07cdc388ccbce9cde36ada82c3dcde564ce47c28e38afeb7aebda6ef062bc
- SSDEEP
  
  6144:CEYxk/kf7OYoVKpdxzc36p9QhOiWzCqN3O:Cbu/kf7OYocpdxDaOiGNe
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2