smokeloader

General

Target

86b5f6576b5dcce99cf26bef20db2e4587c747d55a2ae0190ad49ea426f4bf3e
Size

258KB
Sample

240422-f2vcesgc64
MD5

266b52ae0665636fe76ba86cc9207173
SHA1

a4fb9e83f5f6200d17f999768a85ec06690e3987
SHA256

86b5f6576b5dcce99cf26bef20db2e4587c747d55a2ae0190ad49ea426f4bf3e
SHA512

515909078bc3a68f93ed1cdb375fe9fec005503fe77d7296690e17ed134ed35d21a414269673f6814ad62fa2fbe6953239c9b839d4f48002da822c956a62dcdc
SSDEEP

3072:iR9Xnd8ur2QCGUIj+jeNBl/weuW/MxDhxir6LMTt7/IjYzv311jOjshFuvTR5:2d8HT8jd/we2DWr6LMTt7gMzv1BOj7z

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  86b5f6576b5dcce99cf26bef20db2e4587c747d55a2ae0190ad49ea426f4bf3e
- Size
  
  258KB
- MD5
  
  266b52ae0665636fe76ba86cc9207173
- SHA1
  
  a4fb9e83f5f6200d17f999768a85ec06690e3987
- SHA256
  
  86b5f6576b5dcce99cf26bef20db2e4587c747d55a2ae0190ad49ea426f4bf3e
- SHA512
  
  515909078bc3a68f93ed1cdb375fe9fec005503fe77d7296690e17ed134ed35d21a414269673f6814ad62fa2fbe6953239c9b839d4f48002da822c956a62dcdc
- SSDEEP
  
  3072:iR9Xnd8ur2QCGUIj+jeNBl/weuW/MxDhxir6LMTt7/IjYzv311jOjshFuvTR5:2d8HT8jd/we2DWr6LMTt7gMzv1BOj7z
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2