smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

f1294d432fbc5f9aabc03c987bd68a824beb126562591c0836284b2ca3c9f594
Size

315KB
Sample

240627-dm3n5syhra
MD5

60ac64c10adfc50022e57254842e26ff
SHA1

113c2bd95e7aece2a0b1a6e222d073124401df8e
SHA256

f1294d432fbc5f9aabc03c987bd68a824beb126562591c0836284b2ca3c9f594
SHA512

ee24a7b02c608c3c5b68030c202748ccf159c1ff4ea728eac2a53fb72e323c65f5691fba9ec6f2b2b12fef8eeabb0d9cadf0dee57f41cb5d9f15449c719fce44
SSDEEP

3072:UY+LwIP2PcjPhKVRCyM5yBOlk06kP/4a5sLQQMZ2eD3MXaABNY:x+LwSCc7kRCX5yBOlFjP/dQMTP

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2022

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  f1294d432fbc5f9aabc03c987bd68a824beb126562591c0836284b2ca3c9f594
- Size
  
  315KB
- MD5
  
  60ac64c10adfc50022e57254842e26ff
- SHA1
  
  113c2bd95e7aece2a0b1a6e222d073124401df8e
- SHA256
  
  f1294d432fbc5f9aabc03c987bd68a824beb126562591c0836284b2ca3c9f594
- SHA512
  
  ee24a7b02c608c3c5b68030c202748ccf159c1ff4ea728eac2a53fb72e323c65f5691fba9ec6f2b2b12fef8eeabb0d9cadf0dee57f41cb5d9f15449c719fce44
- SSDEEP
  
  3072:UY+LwIP2PcjPhKVRCyM5yBOlk06kP/4a5sLQQMZ2eD3MXaABNY:x+LwSCc7kRCX5yBOlFjP/dQMTP
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2