smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

1ebdfc9620bd08105808d59cc890bbe5c9eb5c27d6167fc19a6fa50475ba6727_NeikiAnalytics.exe
Size

227KB
Sample

240625-2xgresyfja
MD5

31a0566dc46129543335b523e7336900
SHA1

dddeac01bd8afa707173d1a73e74707c766f16c6
SHA256

1ebdfc9620bd08105808d59cc890bbe5c9eb5c27d6167fc19a6fa50475ba6727
SHA512

06111add34f7fa9e1fc566442abcb8069b8525ff1eebb6dc58f8c166e9189f5e18d3e22522908e91456a0dafe7db960b590f833368511cad657e2b4baa4fe162
SSDEEP

3072:IuU8KLcZklCWZh+ramRHtLgmYT3sgehMjbr/4G2XKQGb3VqnF23MXX:wDc6CWKrBHtLNCJehMDc8zVWF23M

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2022

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  1ebdfc9620bd08105808d59cc890bbe5c9eb5c27d6167fc19a6fa50475ba6727_NeikiAnalytics.exe
- Size
  
  227KB
- MD5
  
  31a0566dc46129543335b523e7336900
- SHA1
  
  dddeac01bd8afa707173d1a73e74707c766f16c6
- SHA256
  
  1ebdfc9620bd08105808d59cc890bbe5c9eb5c27d6167fc19a6fa50475ba6727
- SHA512
  
  06111add34f7fa9e1fc566442abcb8069b8525ff1eebb6dc58f8c166e9189f5e18d3e22522908e91456a0dafe7db960b590f833368511cad657e2b4baa4fe162
- SSDEEP
  
  3072:IuU8KLcZklCWZh+ramRHtLgmYT3sgehMjbr/4G2XKQGb3VqnF23MXX:wDc6CWKrBHtLNCJehMDc8zVWF23M
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2