smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

b173e617fe7cf822915a6d95bbba7935ad0f16fa5e334be6c7b85290b9b8ab2c
Size

222KB
Sample

240630-pn5exaxglf
MD5

b2a74324e7570bdd7a2eaa9d165bfda3
SHA1

b3fdbdcd8da293f0feaa2df0a7bb2d8fa48e5701
SHA256

b173e617fe7cf822915a6d95bbba7935ad0f16fa5e334be6c7b85290b9b8ab2c
SHA512

adb707b5aa4ce306f302a4b390d5e40667c3568d3814753a95ef96f387d3fe4cbc4bd3f367c893ef775f24a844c6f45543c5416d153d20ff534ae7b16677ea5c
SSDEEP

6144:t6xCNsCaRUy72ELsa5X0eOBJpHJXkMcD:MxSsCaRUy72EdXR4VCD

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2022

http://evilos.cc/tmp/index.php

http://gebeus.ru/tmp/index.php

http://office-techs.biz/tmp/index.php

http://cx5519.com/tmp/index.php

rc4.i32

Targets

- Target
  
  b173e617fe7cf822915a6d95bbba7935ad0f16fa5e334be6c7b85290b9b8ab2c
- Size
  
  222KB
- MD5
  
  b2a74324e7570bdd7a2eaa9d165bfda3
- SHA1
  
  b3fdbdcd8da293f0feaa2df0a7bb2d8fa48e5701
- SHA256
  
  b173e617fe7cf822915a6d95bbba7935ad0f16fa5e334be6c7b85290b9b8ab2c
- SHA512
  
  adb707b5aa4ce306f302a4b390d5e40667c3568d3814753a95ef96f387d3fe4cbc4bd3f367c893ef775f24a844c6f45543c5416d153d20ff534ae7b16677ea5c
- SSDEEP
  
  6144:t6xCNsCaRUy72ELsa5X0eOBJpHJXkMcD:MxSsCaRUy72EdXR4VCD
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2