smokeloader

General

Target

dbf3a45df3d3849bc028c3bccb852655cb0d01edadc9ff0cbc6c88e50dca5d23
Size

234KB
Sample

240526-bfk5eahb5y
MD5

02644161e2f9fc67a85443420a706f53
SHA1

c278f508913fadb1d122d49e91dffc55c6e9dc57
SHA256

dbf3a45df3d3849bc028c3bccb852655cb0d01edadc9ff0cbc6c88e50dca5d23
SHA512

7fba5a1c4ca72c11bd3eba486528b335052e0b07cdc446a12e6a2917bad6ca5d01783819dfc61023ab59119469970ac93dc043f7313e3507dd84452f8b3ef626
SSDEEP

6144:ZDoRVGTcR02XAYkjp6p5b9KSWatq6Z0JT:toRWi0QAfdehWJ

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://dbfhns.in/tmp/index.php

http://guteyr.cc/tmp/index.php

http://greendag.ru/tmp/index.php

http://lobulraualov.in.net/tmp/index.php

rc4.i32

Targets

- Target
  
  dbf3a45df3d3849bc028c3bccb852655cb0d01edadc9ff0cbc6c88e50dca5d23
- Size
  
  234KB
- MD5
  
  02644161e2f9fc67a85443420a706f53
- SHA1
  
  c278f508913fadb1d122d49e91dffc55c6e9dc57
- SHA256
  
  dbf3a45df3d3849bc028c3bccb852655cb0d01edadc9ff0cbc6c88e50dca5d23
- SHA512
  
  7fba5a1c4ca72c11bd3eba486528b335052e0b07cdc446a12e6a2917bad6ca5d01783819dfc61023ab59119469970ac93dc043f7313e3507dd84452f8b3ef626
- SSDEEP
  
  6144:ZDoRVGTcR02XAYkjp6p5b9KSWatq6Z0JT:toRWi0QAfdehWJ
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2