General

  • Target

    f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96

  • Size

    148KB

  • Sample

    220921-g74zgsfeg4

  • MD5

    32d71a468281fa6a54aba0344a65bb5b

  • SHA1

    f8a61d1cb293ba8a438c1d74afb3cabbe7f49b68

  • SHA256

    f55eae9ac8b79ff673e488d5eb5b462077007e0eabdc875a2c34afc3f1d0fc96

  • SHA512

    8cb2a11b3a00ea20a701323acc3cb5d1d01b42f27c12c13701454ceea978052dedf60d2602b4b5a6578940914d6d3161bab55ed6740acd8cf70a5e4315042172

  • SSDEEP

    3072:Fyxr5cpuNJcCxh9rqcZ0OHzZBgT8iL2In:rAJcCNrqAoTHL

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext
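
The three behavioural signatures above (Executes dropped EXE, Deletes itself, Suspicious use of SetThreadContext) describe the classic loader pattern: write a payload to disk, run it, hollow a legitimate process with it, then remove the file. The script below is an added example, not part of this report and not the sandbox's own signature logic; it runs simple ordered-sequence checks over a constructed, simplified API trace in a `<pid> <api>(k=v, ...)` format that is an assumption of this example, as are the paths, PIDs and the `SAMPLE_PATH` seed for the submitted sample.

```python
import re

# Constructed trace (not from the report above). Scenario: the sample (pid 1200)
# drops abcd.exe and runs it; abcd.exe (pid 1340) starts explorer.exe suspended,
# overwrites it, redirects its thread with SetThreadContext, resumes it, then
# deletes its own file. The cmd.exe child is a suspended-but-not-hollowed decoy
# that must NOT be flagged.
SAMPLE_TRACE = r"""
1200 WriteFile(path=C:\Users\user\AppData\Local\Temp\abcd.exe, size=151552)
1200 CreateProcessW(path=C:\Users\user\AppData\Local\Temp\abcd.exe, flags=0x0, pid=1340)
1200 CreateProcessW(path=C:\Windows\System32\cmd.exe, flags=0x4, pid=1500)
1200 ResumeThread(pid=1500)
1340 CreateProcessW(path=C:\Windows\explorer.exe, flags=0x4, pid=1456)
1340 NtUnmapViewOfSection(pid=1456)
1340 VirtualAllocEx(pid=1456, size=151552, protect=PAGE_EXECUTE_READWRITE)
1340 WriteProcessMemory(pid=1456, size=151552)
1340 SetThreadContext(pid=1456)
1340 ResumeThread(pid=1456)
1340 ShellExecuteW(cmd=cmd.exe /c del "C:\Users\user\AppData\Local\Temp\abcd.exe")
"""

SAMPLE_PID = 1200                                  # assumption: pid of the submitted file
SAMPLE_PATH = r"C:\Users\user\Desktop\sample.exe"  # assumption: where the sandbox placed it
CREATE_SUSPENDED = 0x4                             # CreateProcess dwCreationFlags bit
LINE_RE = re.compile(r"^(\d+) (\w+)\((.*)\)$")


def parse_trace(text):
    """Parse '<pid> <api>(k=v, k=v)' lines into (pid, api, args) tuples."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = {}
        for part in m.group(3).split(", "):
            k, _, v = part.partition("=")
            args[k] = v
        calls.append((int(m.group(1)), m.group(2), args))
    return calls


def image_paths(calls):
    """Map pid -> image path, seeded with the submitted sample itself."""
    images = {SAMPLE_PID: SAMPLE_PATH}
    for _pid, api, args in calls:
        if api == "CreateProcessW" and "pid" in args:
            images[int(args["pid"])] = args["path"]
    return images


def executes_dropped_exe(calls):
    """Flag a process launched from a path the trace saw being written earlier."""
    written, hits = set(), []
    for pid, api, args in calls:
        if api == "WriteFile":
            written.add(args["path"].lower())
        elif api == "CreateProcessW" and args["path"].lower() in written:
            hits.append((pid, args["path"]))
    return hits


def process_hollowing(calls):
    """Flag CREATE_SUSPENDED child -> WriteProcessMemory -> SetThreadContext
    -> ResumeThread, issued in that order by the same parent on the same child.
    A suspended child that is merely resumed never completes the chain."""
    order = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]
    stage, hits = {}, []                      # child pid -> (parent pid, stage reached)
    for pid, api, args in calls:
        if api == "CreateProcessW" and int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
            stage[int(args["pid"])] = (pid, 0)
        elif api in order and "pid" in args and int(args["pid"]) in stage:
            child = int(args["pid"])
            parent, idx = stage[child]
            if parent == pid and idx < len(order) and order[idx] == api:
                idx += 1
                stage[child] = (parent, idx)
                if idx == len(order):
                    hits.append((pid, child))
    return hits


def deletes_itself(calls, images):
    """Flag a process whose delete command names its own image path."""
    hits = []
    for pid, api, args in calls:
        cmd, own = args.get("cmd", ""), images.get(pid)
        if own and re.search(r"\bdel\b", cmd, re.I) and own.lower() in cmd.lower():
            hits.append((pid, own))
    return hits


def run_signatures(trace_text):
    calls = parse_trace(trace_text)
    images = image_paths(calls)
    return {
        "Executes dropped EXE": executes_dropped_exe(calls),
        "Suspicious use of SetThreadContext": process_hollowing(calls),
        "Deletes itself": deletes_itself(calls, images),
    }


if __name__ == "__main__":
    for name, findings in run_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {findings}")
```

The hollowing check deliberately keys on the ordered chain rather than on SetThreadContext alone: debuggers and some legitimate launchers also create suspended children and call SetThreadContext, so a triage rule should require the prior cross-process write from the same parent before raising the signature.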

MITRE ATT&CK Enterprise v6

Tasks