Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44dcecdd789e625dd5a9fca1cbe8387a7a67ac3569bfa8ebe47cd2c32259a046

  • Size

    208KB

  • Sample

    240507-k6cemacf26

  • MD5

    026d553f5e3ef3ed1a2a1203f5806b82

  • SHA1

    b16b54fc00bcb81e20ff70d5e548c6d114325201

  • SHA256

    44dcecdd789e625dd5a9fca1cbe8387a7a67ac3569bfa8ebe47cd2c32259a046

  • SHA512

    7e8dd6c9c2603bb596cf6ff9636fd7950a91d09c2d0c17b7c43c7fba8264325cbc3461f4cb909a565db0bb0d4af9f1e1a607071adf71e378e3f8f774c354e721

  • SSDEEP

    1536:Kn/jNU5+17bkbMb92dG+OKGSNkN7u0mDdsJTqjFKmE3QIDBF/5B8V2y1IvM:exb9UGwGMkU0gdsJesmE3dDL/5B8cc

Score
10/10
smokeloaderpub1backdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Targets

    • Target

      44dcecdd789e625dd5a9fca1cbe8387a7a67ac3569bfa8ebe47cd2c32259a046

    • Size

      208KB

    • MD5

      026d553f5e3ef3ed1a2a1203f5806b82

    • SHA1

      b16b54fc00bcb81e20ff70d5e548c6d114325201

    • SHA256

      44dcecdd789e625dd5a9fca1cbe8387a7a67ac3569bfa8ebe47cd2c32259a046

    • SHA512

      7e8dd6c9c2603bb596cf6ff9636fd7950a91d09c2d0c17b7c43c7fba8264325cbc3461f4cb909a565db0bb0d4af9f1e1a607071adf71e378e3f8f774c354e721

    • SSDEEP

      1536:Kn/jNU5+17bkbMb92dG+OKGSNkN7u0mDdsJTqjFKmE3QIDBF/5B8V2y1IvM:exb9UGwGMkU0gdsJesmE3dDL/5B8cc

    Score
    10/10
    smokeloaderpub1backdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks