smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

9af00dbe2aecfe5f8cd76a466ee05b9a2d8ec64bc4000d79e21a3a315bcc03c9
Size

310KB
Sample

240627-24k3esxbmc
MD5

4141910717b182a0cbe6e32c527e325f
SHA1

f247bc2dc5c671c74aef338be6f848bbf54e0d44
SHA256

9af00dbe2aecfe5f8cd76a466ee05b9a2d8ec64bc4000d79e21a3a315bcc03c9
SHA512

ae39c610cfe0a548627a7817cef6d87945f03fc559b3fd52a8f843e0499c8d04536880aabb7da90bfbeca6731a69a0763fa989b9f7f18237534798488f5dec2c
SSDEEP

3072:bB2ggCALXBkKgZc5TO4wePyVlv9vZbcx+dxg5bUkBaXa60P:bQgg7LxkKcM/3PyVl9hbndxCUkBs

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Extracted

Family

smokeloader

Botnet

pub1

Targets

- Target
  
  9af00dbe2aecfe5f8cd76a466ee05b9a2d8ec64bc4000d79e21a3a315bcc03c9
- Size
  
  310KB
- MD5
  
  4141910717b182a0cbe6e32c527e325f
- SHA1
  
  f247bc2dc5c671c74aef338be6f848bbf54e0d44
- SHA256
  
  9af00dbe2aecfe5f8cd76a466ee05b9a2d8ec64bc4000d79e21a3a315bcc03c9
- SHA512
  
  ae39c610cfe0a548627a7817cef6d87945f03fc559b3fd52a8f843e0499c8d04536880aabb7da90bfbeca6731a69a0763fa989b9f7f18237534798488f5dec2c
- SSDEEP
  
  3072:bB2ggCALXBkKgZc5TO4wePyVlv9vZbcx+dxg5bUkBaXa60P:bQgg7LxkKcM/3PyVl9hbndxCUkBs
Score

10^/10

smokeloader backdoor trojan pub1
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2