smokeloader

General

Target

f2bc91641d8c2e71bb591147ffa6d52ffe83de6fefee344bb53f603785c9a010
Size

299KB
Sample

240422-gsbdmagg2s
MD5

f9769d561a0edc190a71205dbb375fa5
SHA1

77118f9fd6ea57c98f10e541bc634a635027d47e
SHA256

f2bc91641d8c2e71bb591147ffa6d52ffe83de6fefee344bb53f603785c9a010
SHA512

745ff22f5391fd771039103e1ed9c6fcebdf052ca166a1b361369b010be289f9edc0e731b06a4ecb3bc2611e0ebdee5516eea062f2f79c8069d427c8c811f785
SSDEEP

3072:u4K3l3FgI0vE6d+2rbufS8sO23njSJanqebDEuoAN5O0yozsAFKZ:uLCEuNSmS4bDETS55yozsAFK

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  f2bc91641d8c2e71bb591147ffa6d52ffe83de6fefee344bb53f603785c9a010
- Size
  
  299KB
- MD5
  
  f9769d561a0edc190a71205dbb375fa5
- SHA1
  
  77118f9fd6ea57c98f10e541bc634a635027d47e
- SHA256
  
  f2bc91641d8c2e71bb591147ffa6d52ffe83de6fefee344bb53f603785c9a010
- SHA512
  
  745ff22f5391fd771039103e1ed9c6fcebdf052ca166a1b361369b010be289f9edc0e731b06a4ecb3bc2611e0ebdee5516eea062f2f79c8069d427c8c811f785
- SSDEEP
  
  3072:u4K3l3FgI0vE6d+2rbufS8sO23njSJanqebDEuoAN5O0yozsAFKZ:uLCEuNSmS4bDETS55yozsAFK
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2