smokeloader

General

Target

57dcf9e07d0e1c811fa7d1386466d832.exe
Size

267KB
Sample

240526-t78nwsda3t
MD5

57dcf9e07d0e1c811fa7d1386466d832
SHA1

6d5dee42935f4ecff0a10de2c8aacce3ec4f986f
SHA256

1cd6d30ac1f36d9de8cbc4f38685aeed80628d47694cb9b199f455855202e7d9
SHA512

9aa70a4bf250b4b8309ac170f6b8f7a56ade8c2ee8ac3c8785f49de02809e2612948aefd1e5557b0afab96926d914126386ac12a85c9f9788d4e6445849e6cd7
SSDEEP

6144:fhaKS7XKusTiWb8PtdWic0IKxIQ+17LWT:f0B6uVIExIna

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub4

Extracted

Family

smokeloader

Version

2022

C2

http://dbfhns.in/tmp/index.php

http://guteyr.cc/tmp/index.php

http://greendag.ru/tmp/index.php

http://lobulraualov.in.net/tmp/index.php

rc4.i32

Targets

- Target
  
  57dcf9e07d0e1c811fa7d1386466d832.exe
- Size
  
  267KB
- MD5
  
  57dcf9e07d0e1c811fa7d1386466d832
- SHA1
  
  6d5dee42935f4ecff0a10de2c8aacce3ec4f986f
- SHA256
  
  1cd6d30ac1f36d9de8cbc4f38685aeed80628d47694cb9b199f455855202e7d9
- SHA512
  
  9aa70a4bf250b4b8309ac170f6b8f7a56ade8c2ee8ac3c8785f49de02809e2612948aefd1e5557b0afab96926d914126386ac12a85c9f9788d4e6445849e6cd7
- SSDEEP
  
  6144:fhaKS7XKusTiWb8PtdWic0IKxIQ+17LWT:f0B6uVIExIna
Score

10^/10

smokeloader pub4 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2