smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

2ac4a52e9f94b9e517e14b749811fa98.exe
Size

311KB
Sample

240627-hw267a1ajj
MD5

2ac4a52e9f94b9e517e14b749811fa98
SHA1

8a693552de74d98bc67daf5216241718a93b4d83
SHA256

7024e2012b8c0acec20f70d4dda73ea9a67b234535bf7f27eb68c6dc8338ccab
SHA512

e2bd2115736ae2fa70decc5cdce56e3deb37bdb6732769a54d466b807b2bb17ad0de3f5f3148800a9c2e64006baa403e9625d9495e27f3b054ebdd69170a37b4
SSDEEP

3072:oqY/LzCkS/0tmJcnJvn+rnFTilV27LQSHq5T9K8N80gP:oqqLmkScmwv+LVOVMkwQ9KO

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  2ac4a52e9f94b9e517e14b749811fa98.exe
- Size
  
  311KB
- MD5
  
  2ac4a52e9f94b9e517e14b749811fa98
- SHA1
  
  8a693552de74d98bc67daf5216241718a93b4d83
- SHA256
  
  7024e2012b8c0acec20f70d4dda73ea9a67b234535bf7f27eb68c6dc8338ccab
- SHA512
  
  e2bd2115736ae2fa70decc5cdce56e3deb37bdb6732769a54d466b807b2bb17ad0de3f5f3148800a9c2e64006baa403e9625d9495e27f3b054ebdd69170a37b4
- SSDEEP
  
  3072:oqY/LzCkS/0tmJcnJvn+rnFTilV27LQSHq5T9K8N80gP:oqqLmkScmwv+LVOVMkwQ9KO
Score

10^/10

smokeloader pub1 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2