smokeloader

Sharing

Copy URL

Twitter E-mail

General

Target

be9786ac981f638ab015c1b8e5bac206018d7c06e7a8f9fea3e07e41cc877e40
Size

237KB
Sample

240701-yezyhawbpc
MD5

506602065b2073f876c0c595d214bece
SHA1

b84ff8823063c95fa9dcd90bc60b6a041b148969
SHA256

be9786ac981f638ab015c1b8e5bac206018d7c06e7a8f9fea3e07e41cc877e40
SHA512

13a47c2cea027526687713071fea2edacc7112824486027bd80869dce9ba405cceb193d29487f4307adbaa662a65eb1dc3518f2843439b1426dbd09488a4cee0
SSDEEP

3072:BW0zbZ2IFM/eALfl01w43bBpn/V1aflvhp4QAroRPnUQlBopL3TBtZ:BdbAIFM/eALfld49RKvsQdRMqBADT

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

pub2

Extracted

Family

smokeloader

Version

2022

http://evilos.cc/tmp/index.php

http://gebeus.ru/tmp/index.php

http://office-techs.biz/tmp/index.php

http://cx5519.com/tmp/index.php

rc4.i32

Targets

- Target
  
  be9786ac981f638ab015c1b8e5bac206018d7c06e7a8f9fea3e07e41cc877e40
- Size
  
  237KB
- MD5
  
  506602065b2073f876c0c595d214bece
- SHA1
  
  b84ff8823063c95fa9dcd90bc60b6a041b148969
- SHA256
  
  be9786ac981f638ab015c1b8e5bac206018d7c06e7a8f9fea3e07e41cc877e40
- SHA512
  
  13a47c2cea027526687713071fea2edacc7112824486027bd80869dce9ba405cceb193d29487f4307adbaa662a65eb1dc3518f2843439b1426dbd09488a4cee0
- SSDEEP
  
  3072:BW0zbZ2IFM/eALfl01w43bBpn/V1aflvhp4QAroRPnUQlBopL3TBtZ:BdbAIFM/eALfld49RKvsQdRMqBADT
Score

10^/10

smokeloader pub2 backdoor trojan
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Deletes itself

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2