General

  • Size: 169KB
  • Sample: 220923-hdjl5addc8
  • MD5: 58ccf6667aae844634480ea231a3679f
  • SHA1: d30bf4687d435ff87e935156919ba793818150a0
  • SHA256: 5947a20adc3e785baaba02f8dbeb489f9d9e6b2c669a38cdd99f665f3d21d80e
  • SHA512: 1c5a21dcb7bcc120d2a1d0e4d9f4117fd3146f3742679217c54336719e18b597aeba86436384b2e08fbaa155998a31568a4a8e860daf7b67870b572ec04492a2

Malware Config

Targets

  • Target: 5947a20adc3e785baaba02f8dbeb489f9d9e6b2c669a38cdd99f665f3d21d80e


  • Detects Smokeloader packer
  • SmokeLoader: modular backdoor trojan in use since 2014.
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation