smokeloader

General

Target

5ded80193e96c1d11f9694fa793bd7005864abd8668e3c997617b8e10e9ecb04.exe
Size

204KB
Sample

240522-b4jlgsgc76
MD5

5087c015128fdaeffea2bc1bf355deac
SHA1

32c6ed86a79a56be10168d07bd3217144476b1cc
SHA256

5ded80193e96c1d11f9694fa793bd7005864abd8668e3c997617b8e10e9ecb04
SHA512

01099066345dcda66d71b1f429eccfd131c2ea6df029336c2404cc994fbf79b77045717a7addbc49a3b8a5f80aaaa6a4b7f3004165b47da967e44c23a16a9efb
SSDEEP

3072:A6BkWgqBkK/P+Rs68+RxQuuyQdZcLz1P3gdEi6ziMl5654wH8HZDDKLYS:AfDnI1eQaQdAOdEiSiwU41IY

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

sel2

Extracted

Family

smokeloader

Version

2022

C2

https://airwide-land.com/calcroom.php

https://summerwaterhall.com/calcroom.php

rc4.i32

Targets

- Target
  
  5ded80193e96c1d11f9694fa793bd7005864abd8668e3c997617b8e10e9ecb04.exe
- Size
  
  204KB
- MD5
  
  5087c015128fdaeffea2bc1bf355deac
- SHA1
  
  32c6ed86a79a56be10168d07bd3217144476b1cc
- SHA256
  
  5ded80193e96c1d11f9694fa793bd7005864abd8668e3c997617b8e10e9ecb04
- SHA512
  
  01099066345dcda66d71b1f429eccfd131c2ea6df029336c2404cc994fbf79b77045717a7addbc49a3b8a5f80aaaa6a4b7f3004165b47da967e44c23a16a9efb
- SSDEEP
  
  3072:A6BkWgqBkK/P+Rs68+RxQuuyQdZcLz1P3gdEi6ziMl5654wH8HZDDKLYS:AfDnI1eQaQdAOdEiSiwU41IY
Score

10^/10

smokeloader sel2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2