smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

cded5b7ba6b257bcbea829cd06dbab1d97ca9f72b41f82526cfbcf8b99ba68f0
Size

316KB
Sample

240625-yygk9sshll
MD5

97175eb8e852354cefb670f6863bb703
SHA1

efecc11d00781ed16891a3564223aa543698c3aa
SHA256

cded5b7ba6b257bcbea829cd06dbab1d97ca9f72b41f82526cfbcf8b99ba68f0
SHA512

ae36ea89767b4690c909b4c1c16840749653e53356316a877030e17b529d575946793521ef151b4fa637525bcd46f62785df4ed14da3fbee7071fd5d4c3a9631
SSDEEP

3072:a6SLDd01WNOGMb1T1tsy05Zt4Lt3oS1Ek1EfxTEqS:8L50kWpYym83ZNt

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  cded5b7ba6b257bcbea829cd06dbab1d97ca9f72b41f82526cfbcf8b99ba68f0
- Size
  
  316KB
- MD5
  
  97175eb8e852354cefb670f6863bb703
- SHA1
  
  efecc11d00781ed16891a3564223aa543698c3aa
- SHA256
  
  cded5b7ba6b257bcbea829cd06dbab1d97ca9f72b41f82526cfbcf8b99ba68f0
- SHA512
  
  ae36ea89767b4690c909b4c1c16840749653e53356316a877030e17b529d575946793521ef151b4fa637525bcd46f62785df4ed14da3fbee7071fd5d4c3a9631
- SSDEEP
  
  3072:a6SLDd01WNOGMb1T1tsy05Zt4Lt3oS1Ek1EfxTEqS:8L50kWpYym83ZNt
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2