smokeloader

General

Target

af34db635b2611db4d658446cfead78d4aff4a583310e7d48fada847eade92e7
Size

311KB
Sample

240624-ps5apswcjl
MD5

2fa22a697b5dc3ae495a393004aa9b1c
SHA1

2ee61a014cad78c8ee61d1226b4bc439b572eb8b
SHA256

af34db635b2611db4d658446cfead78d4aff4a583310e7d48fada847eade92e7
SHA512

1c55d4f6d2c753f876d998da8614ad66e69032013d205ae4f7c2ac15f5098a957432d815b6ed4b18455f1954f4226040fe31330994941d9973c1caae889f7ff8
SSDEEP

3072:c6RvLzSkS/tuKGpMDCxDJ5T9YAmQbAmQkbP:c6JL2kSluzTZ9nmHm

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  af34db635b2611db4d658446cfead78d4aff4a583310e7d48fada847eade92e7
- Size
  
  311KB
- MD5
  
  2fa22a697b5dc3ae495a393004aa9b1c
- SHA1
  
  2ee61a014cad78c8ee61d1226b4bc439b572eb8b
- SHA256
  
  af34db635b2611db4d658446cfead78d4aff4a583310e7d48fada847eade92e7
- SHA512
  
  1c55d4f6d2c753f876d998da8614ad66e69032013d205ae4f7c2ac15f5098a957432d815b6ed4b18455f1954f4226040fe31330994941d9973c1caae889f7ff8
- SSDEEP
  
  3072:c6RvLzSkS/tuKGpMDCxDJ5T9YAmQbAmQkbP:c6JL2kSluzTZ9nmHm
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2