smokeloader

General

Target

83f7f0fd12bd5cd73459f02b41a1faec93347f7f2eade76aaef584dbc3f18f17
Size

264KB
Sample

240425-dlv8nseb92
MD5

81d6cd6bc70a123a732ff29d41c17d6e
SHA1

bb98ec279bb3e7ec5a7750e4581d39a78fff27f7
SHA256

83f7f0fd12bd5cd73459f02b41a1faec93347f7f2eade76aaef584dbc3f18f17
SHA512

4e3cd438f5649612a82fa4d03dbc2204101aa4f1b8b538d80d60f4a088b34b56108a992e6de89be7a23c1a2b69cad7d8bf7e902767f7384301057aed00636a99
SSDEEP

3072:C1HF1rzpHiwW++HPiXnBdP7yCN4mD0D1eK34dmUzZRUkM/4knlVUPBBu:E9fW0TOAD0DwD/bUkM/4kn/UPB

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://nidoe.org/tmp/index.php

http://sodez.ru/tmp/index.php

http://uama.com.ua/tmp/index.php

http://talesofpirates.net/tmp/index.php

rc4.i32

Targets

- Target
  
  83f7f0fd12bd5cd73459f02b41a1faec93347f7f2eade76aaef584dbc3f18f17
- Size
  
  264KB
- MD5
  
  81d6cd6bc70a123a732ff29d41c17d6e
- SHA1
  
  bb98ec279bb3e7ec5a7750e4581d39a78fff27f7
- SHA256
  
  83f7f0fd12bd5cd73459f02b41a1faec93347f7f2eade76aaef584dbc3f18f17
- SHA512
  
  4e3cd438f5649612a82fa4d03dbc2204101aa4f1b8b538d80d60f4a088b34b56108a992e6de89be7a23c1a2b69cad7d8bf7e902767f7384301057aed00636a99
- SSDEEP
  
  3072:C1HF1rzpHiwW++HPiXnBdP7yCN4mD0D1eK34dmUzZRUkM/4knlVUPBBu:E9fW0TOAD0DwD/bUkM/4kn/UPB
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2