smokeloader

General

Target

3.exe
Size

233KB
Sample

240526-kdlslacd51
MD5

eda6e5a44657001108351760d2425c80
SHA1

bff6e0250b689d1431e72f8cf070d115ba4720f9
SHA256

7728eb47da1cbc7e34e79df27d3e9f47f0d5054baf0c9bfa3bb44ebafa9a6d6f
SHA512

9af07ebae8bfe8158f7cdec67ac7849f3098c7b4c93fa4769ff67b40ef067221c32cc32eaf5daa2f53f5ff14c507c065e218ad00e66460f9e3737da29ff7f86e
SSDEEP

3072:45pTizma5Es7ry+KlhQoHb0NlJD4/P4rmmye8QBgW8a1IIsT8:GFa5F6t0vD4/PSm8qhIsT

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Extracted

Family

smokeloader

Version

2022

C2

http://dbfhns.in/tmp/index.php

http://guteyr.cc/tmp/index.php

http://greendag.ru/tmp/index.php

http://lobulraualov.in.net/tmp/index.php

rc4.i32

Targets

- Target
  
  3.exe
- Size
  
  233KB
- MD5
  
  eda6e5a44657001108351760d2425c80
- SHA1
  
  bff6e0250b689d1431e72f8cf070d115ba4720f9
- SHA256
  
  7728eb47da1cbc7e34e79df27d3e9f47f0d5054baf0c9bfa3bb44ebafa9a6d6f
- SHA512
  
  9af07ebae8bfe8158f7cdec67ac7849f3098c7b4c93fa4769ff67b40ef067221c32cc32eaf5daa2f53f5ff14c507c065e218ad00e66460f9e3737da29ff7f86e
- SSDEEP
  
  3072:45pTizma5Es7ry+KlhQoHb0NlJD4/P4rmmye8QBgW8a1IIsT8:GFa5F6t0vD4/PSm8qhIsT
Score

10^/10

smokeloader pub3 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2