smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

35bf9dfd223e02da2ee3d57ec493156787a3c2cecb8b655a583985a2f14cc6e3_dump.exe
Size

40KB
Sample

240629-a47smswgrf
MD5

180698141d13a6646d7149374e67a816
SHA1

e1a2e9e3769fe9646f41dfd72d44855caaaaa613
SHA256

fa72acb53d44a992bf54c08f17c98efcae130abe7024ef9b59935d5bbba9f1a1
SHA512

9fbb00e9f79bcfd0b8f713800002e88c09f82293483cbd3836b1238c26d212360e56692780ef2be65aa42fe78eb0e72e33237dec647260ad320f0252fd6366d4
SSDEEP

768:xLtE5GK+qS4tpITHhRx3kwfOX5VAEMiyQjEDlrSlV:fE5Grt48THhRhfOX7AtZDJS/

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2022

http://movlat.com/tmp/

http://llcbc.org/tmp/

http://lindex24.ru/tmp/

http://qeqei.xyz/tmp/

rc4.i32

Targets

- Target
  
  35bf9dfd223e02da2ee3d57ec493156787a3c2cecb8b655a583985a2f14cc6e3_dump.exe
- Size
  
  40KB
- MD5
  
  180698141d13a6646d7149374e67a816
- SHA1
  
  e1a2e9e3769fe9646f41dfd72d44855caaaaa613
- SHA256
  
  fa72acb53d44a992bf54c08f17c98efcae130abe7024ef9b59935d5bbba9f1a1
- SHA512
  
  9fbb00e9f79bcfd0b8f713800002e88c09f82293483cbd3836b1238c26d212360e56692780ef2be65aa42fe78eb0e72e33237dec647260ad320f0252fd6366d4
- SSDEEP
  
  768:xLtE5GK+qS4tpITHhRx3kwfOX5VAEMiyQjEDlrSlV:fE5Grt48THhRhfOX7AtZDJS/
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2