General
-
Target
becc55f0da56190c49c0b6043e9e7edaf68621331434f23f037f99a41d476ce0
-
Size
133KB
-
Sample
221002-wy7fkshack
-
MD5
055a72c67c6ca93ad472397f536963f6
-
SHA1
97f95eb5af6b2e1f219bdde636dd0cd22f72529d
-
SHA256
becc55f0da56190c49c0b6043e9e7edaf68621331434f23f037f99a41d476ce0
-
SHA512
047612ae7c30c9109fbca14ae18c4b93befff37dc06a6872cefe17894071c256d38ad7aeddced012cd8680db64eea3e81eeeec36e7a7154dbe6c5eb21373d2d3
-
SSDEEP
3072:a0qHM7OR0IhWqjMprNY6F8m+AgBDrh47RXmG:YDMqjb6F8mTS4c
Static task
static1
Behavioral task
behavioral1
Sample
becc55f0da56190c49c0b6043e9e7edaf68621331434f23f037f99a41d476ce0.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
becc55f0da56190c49c0b6043e9e7edaf68621331434f23f037f99a41d476ce0
-
Score
10/10
-
Detects Smokeloader packer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-