General

  • Target

    c96f309576bad90c909696a555debcb06b2cdd7e3530c14663cf31657103be75

  • Size

    232KB

  • Sample

    240509-3hav1age79

  • MD5

    cd4bfaa691988c3da6e3afaa7a97a707

  • SHA1

    8b553730817f8c0caabb155b9f57ff338757a30c

  • SHA256

    c96f309576bad90c909696a555debcb06b2cdd7e3530c14663cf31657103be75

  • SHA512

    44ea33b4880af80bad57b5dac449fd11056a0a5a86afc012c6cf4a1e8b7a97c3c20130215885265d6bf049874c52934eb92330021cad332ccbcf41e3d744e668

  • SSDEEP

    3072:1nqEsTwZVmwXmuATH8duKILC2TX015DIsBkJQlM:RqEs174duKeCAEXeJK
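Before acting on the IOCs in this report, confirm that the file you are holding is the same object the sandbox analysed. The following added Python example (not part of the original report) computes all four listed digests in a single pass over the file and compares them to the values above; the file path and the sample bytes used in the demo call are assumptions, the expected digests are the ones printed on this page.

```python
"""Verify a local file against the digests listed in this sandbox report."""
import hashlib

# Digests copied from the General section of this report
REPORTED_DIGESTS = {
    "md5": "cd4bfaa691988c3da6e3afaa7a97a707",
    "sha1": "8b553730817f8c0caabb155b9f57ff338757a30c",
    "sha256": "c96f309576bad90c909696a555debcb06b2cdd7e3530c14663cf31657103be75",
    "sha512": "44ea33b4880af80bad57b5dac449fd11056a0a5a86afc012c6cf4a1e8b7a97c3"
              "c20130215885265d6bf049874c52934eb92330021cad332ccbcf41e3d744e668",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data, algorithms=ALGORITHMS):
    """Return {algorithm: hexdigest} for an in-memory byte string."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Hash a file once, feeding every chunk to all hashers (no repeated reads)."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def check_digests(actual, expected):
    """Compare computed digests to the reported ones, case-insensitively.

    Returns {algorithm: bool}; every value must be True for the file to be the
    sample described in this report. A partial match (e.g. only md5) should be
    treated as a collision or a transcription error, never as a confirmation.
    """
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def matches_report(actual, expected=REPORTED_DIGESTS):
    """True only when every reported digest matches."""
    return all(check_digests(actual, expected).values())


if __name__ == "__main__":
    # Assumed path; replace with the sample's location on your analysis host.
    results = check_digests(digest_file("sample.bin"), REPORTED_DIGESTS)
    for name, ok in results.items():
        print(f"{name:6s} {'OK' if ok else 'MISMATCH'}")
```

The SSDEEP value is deliberately left out: the standard library has no fuzzy-hash implementation, and a fuzzy match is a similarity signal, not an identity check.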

Malware Config

  • Extracted

    Family
      smokeloader

    Botnet
      pub3

  • Extracted

    Family
      smokeloader

    Version
      2022

    C2
      http://cellc.org/tmp/index.php
      http://h-c-v.ru/tmp/index.php
      http://icebrasilpr.com/tmp/index.php
      http://piratia-life.ru/tmp/index.php
      http://piratia.su/tmp/index.php

    rc4.i32
    rc4.i32
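The extracted C2 list is the most actionable part of this report. The following added Python example (not part of the original report or of any sandbox tooling) turns those five URLs into host and host-plus-path indicators and scans proxy log lines for them. The log format and the log lines themselves are constructed for the demo; the C2 URLs are the ones listed above. Host matching is exact after normalisation, so look-alike domains such as a subdomain of an unrelated zone are not reported.

```python
"""Scan proxy logs for the SmokeLoader C2 URLs extracted in this report."""
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted config above
SMOKELOADER_C2 = [
    "http://cellc.org/tmp/index.php",
    "http://h-c-v.ru/tmp/index.php",
    "http://icebrasilpr.com/tmp/index.php",
    "http://piratia-life.ru/tmp/index.php",
    "http://piratia.su/tmp/index.php",
]

# Constructed log lines (assumed format: "<ts> <client> <method> <url> <status>");
# these are not from the sandbox run.
SAMPLE_LOG = """\
2024-05-09T15:01:02Z 10.0.0.17 POST http://cellc.org/tmp/index.php 200
2024-05-09T15:01:05Z 10.0.0.17 GET http://www.example.com/ 200
2024-05-09T15:02:11Z 10.0.0.23 POST http://PIRATIA.SU/tmp/index.php 404
2024-05-09T15:03:40Z 10.0.0.17 GET http://icebrasilpr.com/favicon.ico 200
2024-05-09T15:04:00Z 10.0.0.31 GET http://cellc.org.example.net/tmp/index.php 200
"""


def normalize(url):
    """Split a URL into (lowercase host, path); urlsplit lowercases .hostname."""
    parts = urlsplit(url)
    return parts.hostname or "", parts.path or "/"


def build_iocs(c2_urls):
    """Return (set of (host, path), set of host) derived from the C2 list."""
    exact, hosts = set(), set()
    for url in c2_urls:
        host, path = normalize(url)
        exact.add((host, path))
        hosts.add(host)
    return exact, hosts


def scan_log(log_text, c2_urls=SMOKELOADER_C2):
    """Return one hit dict per matching line.

    confidence "high":   host and path match a listed C2 URL
    confidence "medium": host matches but the path differs (same infrastructure)
    HTTP status is recorded but not used to filter: a 404 from a C2 host is
    still a beacon attempt and the host may simply be down or parked by now.
    """
    exact, hosts = build_iocs(c2_urls)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than guess
        ts, client, method, url, status = fields[:5]
        host, path = normalize(url)
        if (host, path) in exact:
            confidence = "high"
        elif host in hosts:
            confidence = "medium"
        else:
            continue
        hits.append({
            "ts": ts, "client": client, "method": method,
            "host": host, "path": path, "status": status,
            "confidence": confidence,
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['confidence']:6s} {hit['ts']} {hit['client']} "
              f"{hit['method']} {hit['host']}{hit['path']} {hit['status']}")
```

The client address in a hit is the host to pivot on next: the sandbox behaviour above (downloads a PE, executes it, deletes itself) means the original loader may already be gone from disk by the time the beacon is seen.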

Targets

    • Target

      c96f309576bad90c909696a555debcb06b2cdd7e3530c14663cf31657103be75

    • Size

      232KB

    • MD5

      cd4bfaa691988c3da6e3afaa7a97a707

    • SHA1

      8b553730817f8c0caabb155b9f57ff338757a30c

    • SHA256

      c96f309576bad90c909696a555debcb06b2cdd7e3530c14663cf31657103be75

    • SHA512

      44ea33b4880af80bad57b5dac449fd11056a0a5a86afc012c6cf4a1e8b7a97c3c20130215885265d6bf049874c52934eb92330021cad332ccbcf41e3d744e668

    • SSDEEP

      3072:1nqEsTwZVmwXmuATH8duKILC2TX015DIsBkJQlM:RqEs174duKeCAEXeJK

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks