smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

8d1408497beef3ce8d61f4d749d8986e53851bcc7c99343a3d279d367c2614ca.exe
Size

188KB
Sample

240628-byf86swfnk
MD5

14e09b27d21f65488e1dd69e192746ba
SHA1

d89dd22cb26ed5b8236c573f3627709faaa397b3
SHA256

8d1408497beef3ce8d61f4d749d8986e53851bcc7c99343a3d279d367c2614ca
SHA512

2f7a125d3786b093969cc4188fc2ef314f86772bd79485b71024bc32106d449120db7093f5388bb72790bbf34f6f111d7b78701f6dd5887731af4d13cdff96a8
SSDEEP

3072:8rKQIrohF4oU4kKAatYULQDcZFADhXpJ1GFXnXuaOGEFk:8iro8oUfxKDFmtpaXXUF

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2022

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  8d1408497beef3ce8d61f4d749d8986e53851bcc7c99343a3d279d367c2614ca.exe
- Size
  
  188KB
- MD5
  
  14e09b27d21f65488e1dd69e192746ba
- SHA1
  
  d89dd22cb26ed5b8236c573f3627709faaa397b3
- SHA256
  
  8d1408497beef3ce8d61f4d749d8986e53851bcc7c99343a3d279d367c2614ca
- SHA512
  
  2f7a125d3786b093969cc4188fc2ef314f86772bd79485b71024bc32106d449120db7093f5388bb72790bbf34f6f111d7b78701f6dd5887731af4d13cdff96a8
- SSDEEP
  
  3072:8rKQIrohF4oU4kKAatYULQDcZFADhXpJ1GFXnXuaOGEFk:8iro8oUfxKDFmtpaXXUF
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2