smokeloader

General

Target

09ae5b72d7b3da05904c0edf9985ca64bca078f0a38e01eaceccc26bc2113fd8.exe
Size

210KB
Sample

240523-be8jbafg5w
MD5

a66f7c783c40326c27fad4db5587dc85
SHA1

77212137e94cd93a955374ff013d5ae8c92a0af5
SHA256

09ae5b72d7b3da05904c0edf9985ca64bca078f0a38e01eaceccc26bc2113fd8
SHA512

15fe97c4dcf2f0435e5b18840a7aea540bcff40566c5ae45dea3df03647aeb3e004de8bc773d5badf1fcdea76be7a854613784cbba06aa55064b6023acb8e188
SSDEEP

3072:sskFUgrChWOZ55UV9+GSi/6nIFjkFce9SkqB/3cx+JB/gjSQYUbJJRN5pwYS:MFL2WOH6fajL9Hw3O+JBkY+/fuY

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

sel2

Extracted

Family

smokeloader

Version

2022

C2

https://airwide-land.com/calcroom.php

https://summerwaterhall.com/calcroom.php

rc4.i32

Targets

- Target
  
  09ae5b72d7b3da05904c0edf9985ca64bca078f0a38e01eaceccc26bc2113fd8.exe
- Size
  
  210KB
- MD5
  
  a66f7c783c40326c27fad4db5587dc85
- SHA1
  
  77212137e94cd93a955374ff013d5ae8c92a0af5
- SHA256
  
  09ae5b72d7b3da05904c0edf9985ca64bca078f0a38e01eaceccc26bc2113fd8
- SHA512
  
  15fe97c4dcf2f0435e5b18840a7aea540bcff40566c5ae45dea3df03647aeb3e004de8bc773d5badf1fcdea76be7a854613784cbba06aa55064b6023acb8e188
- SSDEEP
  
  3072:sskFUgrChWOZ55UV9+GSi/6nIFjkFce9SkqB/3cx+JB/gjSQYUbJJRN5pwYS:MFL2WOH6fajL9Hw3O+JBkY+/fuY
Score

10^/10

smokeloader sel2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2