smokeloader

General

Target

smoki.exe
Size

37KB
Sample

240523-yjlaxaea3t
MD5

36da0a1d6f88800b96c2f4cf69ec79d0
SHA1

c1e5c01a230c35931d061caa87cfcf2fa19e933f
SHA256

9c9df8669f1b07ec66e7b82ac97e188412f82ce549fb3552cca84413005fec9f
SHA512

801ec6d3f032d3bbae7f330ce709bcf5f22654265968e6ded73875fad89eed0323bb789c959aacb34b9267fc4b7c9400de5ad659303819b3bb4443819cd6a128
SSDEEP

768:X3TAscKbB2s4iZ1/NPT3r0JxHWSLzyyiDj78C:HTjb/LhudW80n

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://rafraystore.ru/index.php

http://picwalldoor.ru/index.php

http://agentsuperpupervinil.ru/index.php

http://vivianstyler.ru/index.php

http://sephoraofficetz.ru/index.php

http://vikompalion.ru/index.php

http://ccbaminumpot.ru/index.php

rc4.i32

Targets

- Target
  
  smoki.exe
- Size
  
  37KB
- MD5
  
  36da0a1d6f88800b96c2f4cf69ec79d0
- SHA1
  
  c1e5c01a230c35931d061caa87cfcf2fa19e933f
- SHA256
  
  9c9df8669f1b07ec66e7b82ac97e188412f82ce549fb3552cca84413005fec9f
- SHA512
  
  801ec6d3f032d3bbae7f330ce709bcf5f22654265968e6ded73875fad89eed0323bb789c959aacb34b9267fc4b7c9400de5ad659303819b3bb4443819cd6a128
- SSDEEP
  
  768:X3TAscKbB2s4iZ1/NPT3r0JxHWSLzyyiDj78C:HTjb/LhudW80n
Score

10^/10

smokeloader backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2