smokeloader

General

Target

0a3f358d5abeb3bbf6dc98a1f5d798cf50388ae95da605e9fe3a352b9ea41393
Size

311KB
Sample

240624-xyz7yaydma
MD5

fb38a83ce2fbb1d7ca5fb4bad6971e89
SHA1

c20e9c2654328ef2cd5879d33667945124a78bbd
SHA256

0a3f358d5abeb3bbf6dc98a1f5d798cf50388ae95da605e9fe3a352b9ea41393
SHA512

5d6ac47cd0ff14b026c66cae0c2e6625de7f3b6dc72bf2d992a903406c6413dfa92926b75bf8fdb3f862e903a5a44781113a875e137f005c345de99c98679399
SSDEEP

3072:wQKtMHLw8kCglGhPiODzZUs4ICcQuUkVYT5bUULcIozcIoA0L:w3taLfkCYeJZUzFczMFUULcIozcIo

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  0a3f358d5abeb3bbf6dc98a1f5d798cf50388ae95da605e9fe3a352b9ea41393
- Size
  
  311KB
- MD5
  
  fb38a83ce2fbb1d7ca5fb4bad6971e89
- SHA1
  
  c20e9c2654328ef2cd5879d33667945124a78bbd
- SHA256
  
  0a3f358d5abeb3bbf6dc98a1f5d798cf50388ae95da605e9fe3a352b9ea41393
- SHA512
  
  5d6ac47cd0ff14b026c66cae0c2e6625de7f3b6dc72bf2d992a903406c6413dfa92926b75bf8fdb3f862e903a5a44781113a875e137f005c345de99c98679399
- SSDEEP
  
  3072:wQKtMHLw8kCglGhPiODzZUs4ICcQuUkVYT5bUULcIozcIoA0L:w3taLfkCYeJZUzFczMFUULcIozcIo
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2