smokeloader

General

Target

31d2245738b8b7b38793b3a8e770ae80_NeikiAnalytics.exe
Size

211KB
Sample

240525-24eweaee77
MD5

31d2245738b8b7b38793b3a8e770ae80
SHA1

d8f6e10db4111dac83b3ff69096b2fa952882d3a
SHA256

8f79a923b128ebefd6b246f736dbe2745118442394f1b5a284a49c59a79d6c92
SHA512

e3fbe3777ea9f664df6f698d99af1693bda86640f1c5539a78ead906a5ba12eaec375f5ff11b64f163bf72c76e04968e8b3effe8ad7ecd229c17d431cdef1b01
SSDEEP

3072:2s7akQHf4C/RgMhg2Z6+6sSwevGUp6EQ8iUdoWNxb4PltslTqAoe2Ce:tOwC5gh9NpTQ8i1WNZq2lTFoe2

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2022

C2

http://bipto.org/tmp/index.php

http://jobresurs.ru/tmp/index.php

http://tonybabb.com/tmp/index.php

rc4.i32

Targets

- Target
  
  31d2245738b8b7b38793b3a8e770ae80_NeikiAnalytics.exe
- Size
  
  211KB
- MD5
  
  31d2245738b8b7b38793b3a8e770ae80
- SHA1
  
  d8f6e10db4111dac83b3ff69096b2fa952882d3a
- SHA256
  
  8f79a923b128ebefd6b246f736dbe2745118442394f1b5a284a49c59a79d6c92
- SHA512
  
  e3fbe3777ea9f664df6f698d99af1693bda86640f1c5539a78ead906a5ba12eaec375f5ff11b64f163bf72c76e04968e8b3effe8ad7ecd229c17d431cdef1b01
- SSDEEP
  
  3072:2s7akQHf4C/RgMhg2Z6+6sSwevGUp6EQ8iUdoWNxb4PltslTqAoe2Ce:tOwC5gh9NpTQ8i1WNZq2lTFoe2
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2