smokeloader

General

Target

b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1
Size

226KB
Sample

240624-gd28sssapq
MD5

f61c7b1a264cec5ccdf9df00ab136b05
SHA1

3aa84e4727bec8bb3c26c6b0fbdc55c25ddfcdf8
SHA256

b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1
SHA512

e8e29bb4118e061f49d0d27c178e3d01edf880fdf18fd39f9341e499196e0929cc4845578742d7da5ba4fd42d72487fa81fe826e3b2b746910d4698b9929f10a
SSDEEP

3072:HybKG/Rtu5I0f9fy/XZ8ptYKA1gyJ/7sz+X7iAVCXopM5gYK:HkRtu5nfmOpCXT/hUQIi

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1
- Size
  
  226KB
- MD5
  
  f61c7b1a264cec5ccdf9df00ab136b05
- SHA1
  
  3aa84e4727bec8bb3c26c6b0fbdc55c25ddfcdf8
- SHA256
  
  b1ff1451c947311f7841f5958213d65a5b33423d7bc751202cb1fcd0bc61cfc1
- SHA512
  
  e8e29bb4118e061f49d0d27c178e3d01edf880fdf18fd39f9341e499196e0929cc4845578742d7da5ba4fd42d72487fa81fe826e3b2b746910d4698b9929f10a
- SSDEEP
  
  3072:HybKG/Rtu5I0f9fy/XZ8ptYKA1gyJ/7sz+X7iAVCXopM5gYK:HkRtu5nfmOpCXT/hUQIi
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2