General

  • Size: 169KB
  • Sample: 220923-hd7zqahcgr
  • MD5: f7f3c2fe5ebeb43994b00a6b223ae698
  • SHA1: 1c5106430b43b484a83c76ba0c4dc9563404fb1b
  • SHA256: 55b1cf688ddd0c8eb1c27a72739365fd6589c0d16f45443ab164cc0e7f9fca41
  • SHA512: 90adf357314a225a66585068561f5e5ae4a4db3d2e71d0e9d93a0b8a1b3680afacaf59333ee4fefbc17d3380e91f4f57ced67d4e83d7f066871d840af10385bd

Malware Config

Targets

    • Target: 55b1cf688ddd0c8eb1c27a72739365fd6589c0d16f45443ab164cc0e7f9fca41
    • Size: 169KB
    • MD5: f7f3c2fe5ebeb43994b00a6b223ae698
    • SHA1: 1c5106430b43b484a83c76ba0c4dc9563404fb1b
    • SHA256: 55b1cf688ddd0c8eb1c27a72739365fd6589c0d16f45443ab164cc0e7f9fca41
    • SHA512: 90adf357314a225a66585068561f5e5ae4a4db3d2e71d0e9d93a0b8a1b3680afacaf59333ee4fefbc17d3380e91f4f57ced67d4e83d7f066871d840af10385bd

    Signatures

    • Detects Smokeloader packer
    • SmokeLoader: modular backdoor trojan in use since 2014.
    • Executes dropped EXE

MITRE ATT&CK Matrix

    Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation