smokeloader

General

Target

9be21c291b8ab6af63dd7df4a224d4130a52432bc19d2dbd90a1ddbd44e9edc8
Size

192KB
Sample

240524-babc1sfc9y
MD5

3e1782eae29ca512d3dc69d540de9e43
SHA1

3a36b64a1c2b3b21d0a0472f2a8b3e6e04480ff3
SHA256

9be21c291b8ab6af63dd7df4a224d4130a52432bc19d2dbd90a1ddbd44e9edc8
SHA512

7b4f9d7a2a999658d99310f3d44756e4ed2f8d8f92576e6ace64d84a66f6241d52428e48b8ceed1549afe6651fe0c742a744e42c9d99883dcf1cb4f3e10a253a
SSDEEP

1536:D8LX/ZU55LWDH8v9PuUamMuwjGsKu/Xic5dCvkafzFtIaTmQN5sI+X1VeNka/Eyc:ATuYkSJicmsIzFuS5f+Xo/k

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

sel1

Extracted

Family

smokeloader

Version

2022

C2

https://natureanimalsreports.com/search.php

https://orlandomedianews.com/search.php

rc4.i32

Targets

- Target
  
  9be21c291b8ab6af63dd7df4a224d4130a52432bc19d2dbd90a1ddbd44e9edc8
- Size
  
  192KB
- MD5
  
  3e1782eae29ca512d3dc69d540de9e43
- SHA1
  
  3a36b64a1c2b3b21d0a0472f2a8b3e6e04480ff3
- SHA256
  
  9be21c291b8ab6af63dd7df4a224d4130a52432bc19d2dbd90a1ddbd44e9edc8
- SHA512
  
  7b4f9d7a2a999658d99310f3d44756e4ed2f8d8f92576e6ace64d84a66f6241d52428e48b8ceed1549afe6651fe0c742a744e42c9d99883dcf1cb4f3e10a253a
- SSDEEP
  
  1536:D8LX/ZU55LWDH8v9PuUamMuwjGsKu/Xic5dCvkafzFtIaTmQN5sI+X1VeNka/Eyc:ATuYkSJicmsIzFuS5f+Xo/k
Score

10^/10

smokeloader sel1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2