General

  • Size

    169KB

  • Sample

    220923-g3v6sadda6

  • MD5

    99821e7b04f23ca36ef0b2a9dc3c4de7

  • SHA1

    2e8aa1b3bc27558e5a4ccb11d9d7dac7a49fa2a1

  • SHA256

    2d108b21d74491c9045f241a045361279342a55b40f6b6ee5779d0a146270a7b

  • SHA512

    31e7a2c7305fdd81c991022697e3b188cb0afaf456d9b5e4549b427b11242b27a681a0a8fb55c76bc60152db6be90747db7d0a42f539124a23fb74794ef1e42a

Malware Config

Targets

    • Target

      2d108b21d74491c9045f241a045361279342a55b40f6b6ee5779d0a146270a7b

    • Size

      169KB

    • MD5

      99821e7b04f23ca36ef0b2a9dc3c4de7

    • SHA1

      2e8aa1b3bc27558e5a4ccb11d9d7dac7a49fa2a1

    • SHA256

      2d108b21d74491c9045f241a045361279342a55b40f6b6ee5779d0a146270a7b

    • SHA512

      31e7a2c7305fdd81c991022697e3b188cb0afaf456d9b5e4549b427b11242b27a681a0a8fb55c76bc60152db6be90747db7d0a42f539124a23fb74794ef1e42a

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Suspicious use of SetThreadContext
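The last signature above fires on SetThreadContext because that API lets one process overwrite the register state of a thread in another process, which is how a hollowing loader points a suspended child's instruction pointer at code it has just written in. The Python below is an added example, not part of the sandbox report and not the sandbox's own detection logic: it parses a constructed API trace in a hypothetical "<pid> <image> <api>(k=v, ...) -> ret [k=v ...]" format (the trace lines, the logged argument names and the severity scale are all assumptions) and rates each SetThreadContext call by whether the same process first created a child suspended and wrote into it.

```python
import re
from dataclasses import dataclass

# dwCreationFlags bit that starts the new process's primary thread suspended.
CREATE_SUSPENDED = 0x00000004

# Constructed API-trace lines (not from the report above) in the assumed form
# "<pid> <image> <api>(<k>=<v>, ...) -> <ret> [<k>=<v> ...]". Process 1234 shows
# the classic hollowing sequence; process 5678 shows a lone SetThreadContext.
SAMPLE_TRACE = [
    "1234 sample.exe CreateProcessW(lpApplicationName=C:\\Windows\\System32\\svchost.exe, dwCreationFlags=0x4) -> 1 hProcess=0x1a0 hThread=0x1a4",
    "1234 sample.exe NtUnmapViewOfSection(ProcessHandle=0x1a0, BaseAddress=0x400000) -> 0",
    "1234 sample.exe VirtualAllocEx(hProcess=0x1a0, lpAddress=0x400000, dwSize=0x2a000, flProtect=0x40) -> 0x400000",
    "1234 sample.exe WriteProcessMemory(hProcess=0x1a0, lpBaseAddress=0x400000, nSize=0x2a000) -> 1",
    "1234 sample.exe GetThreadContext(hThread=0x1a4) -> 1",
    "1234 sample.exe SetThreadContext(hThread=0x1a4) -> 1",
    "1234 sample.exe ResumeThread(hThread=0x1a4) -> 0",
    "5678 debugger.exe GetThreadContext(hThread=0x2b0) -> 1",
    "5678 debugger.exe SetThreadContext(hThread=0x2b0) -> 1",
]

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\w+)\((.*)\)\s*->\s*(\S+)(.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Call:
    pid: int
    image: str
    api: str
    args: dict
    ret: str
    extra: dict  # output values logged after the return code (handles etc.)


@dataclass
class Finding:
    pid: int
    image: str
    severity: str
    detail: str


def parse_trace(lines):
    """Parse trace lines into Call records; lines that do not match are skipped."""
    calls = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, image, api, arg_text, ret, extra_text = m.groups()
        args = dict(a.split("=", 1) for a in arg_text.split(", ") if "=" in a)
        extra = dict(KV_RE.findall(extra_text))
        calls.append(Call(int(pid), image, api, args, ret, extra))
    return calls


def detect_thread_context_hijack(calls):
    """Rate each SetThreadContext call by what the same process did before it.

    Create-suspended -> WriteProcessMemory -> SetThreadContext on the child's
    thread is the process-hollowing pattern (high). SetThreadContext on a
    suspended child that was never written to is still odd (medium). Anything
    else is reported at low severity so an analyst can triage it.
    """
    by_thread = {}   # (pid, hThread)  -> state of a suspended child process
    by_process = {}  # (pid, hProcess) -> the same state object
    findings = []
    for c in calls:
        if c.api.startswith("CreateProcess"):
            flags = int(c.args.get("dwCreationFlags", "0"), 0)
            if flags & CREATE_SUSPENDED and "hThread" in c.extra:
                state = {"image": c.args.get("lpApplicationName", "?"), "written": False}
                by_thread[(c.pid, c.extra["hThread"])] = state
                by_process[(c.pid, c.extra.get("hProcess"))] = state
        elif c.api == "WriteProcessMemory":
            state = by_process.get((c.pid, c.args.get("hProcess")))
            if state:
                state["written"] = True
        elif c.api == "SetThreadContext":
            state = by_thread.get((c.pid, c.args.get("hThread")))
            if state and state["written"]:
                findings.append(Finding(c.pid, c.image, "high",
                    f"hollowing pattern: {state['image']} created suspended, rewritten, then SetThreadContext"))
            elif state:
                findings.append(Finding(c.pid, c.image, "medium",
                    f"SetThreadContext on suspended child {state['image']} with no prior memory write"))
            else:
                findings.append(Finding(c.pid, c.image, "low",
                    "SetThreadContext on a thread not tied to a suspended child"))
    return findings


if __name__ == "__main__":
    for f in detect_thread_context_hijack(parse_trace(SAMPLE_TRACE)):
        print(f"pid {f.pid} ({f.image}) [{f.severity}] {f.detail}")
```

Run it as a script to see one high-severity finding for the hollowing sequence and one low-severity finding for the lone call. The correlation matters: debuggers and some runtimes call SetThreadContext legitimately, so the API on its own is only a weak indicator, while the full create-suspended, write, set-context, resume chain from a single process is the behaviour worth escalating.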

MITRE ATT&CK Matrix

    Tactic columns as shown in the report (no technique entries appear under them): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation