General

  • Target: file.exe
  • Size: 284KB
  • Sample: 221030-h4clhaaaen
  • MD5: 8307da3af08cf2239175cb6395ad094d
  • SHA1: 6d0c04f23cec7c7c24b698cc7b03780a513c472b
  • SHA256: 5954c74c097ec1cc8ea0048ee16db04bb68705794fdfd0535d47859b1a45ab99
  • SHA512: 25fd18b3062c543ed3d0c4acbb67aa18f0d3eafecf81a966675934f573c79224f841b2d4e829c09a88a8e3d6d68bc6bd0251798c2fe165737aaece38507375c2
  • SSDEEP: 3072:zlZM66s0IUDvwLPfeC9ya5nX9SCFf8p3H9khFXIJHSt5yXgMwPM/h3:aIUDvwLPfeC9/SE8FHyhCMyXgB

Targets

    • Detects Smokeloader packer
    • SmokeLoader: modular backdoor trojan in use since 2014.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
