General

  • Target: file.exe

  • Size: 186KB

  • Sample: 221123-htr87sed58

  • MD5: 6e0a25e8780cfc36b80a860073b5414b

  • SHA1: 88040417696654eee720434875c2e345df000ebb

  • SHA256: aa286a4deb0d5818cc07b59fc11d63c4cb530ed1c44480c7ff9a6e23524b9c2e

  • SHA512: d1565576257d7d0db399804e117f03e07760bf2fa13a4aee1811190c216eef5b6664243a366c1cf82e26445e76e649a29b04b2652ec0dd8d5f1404a4d8af54ac

  • SSDEEP: 3072:XBkAtbkmeqUVbLwytWIiD5ssA+E3hV5j1HyhTQCsQIVYG+:OAhMLwyt7DsbARR0TWf

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks