General

  • Target

    file.exe

  • Size

    186KB

  • Sample

    221123-qykc6aac2z

  • MD5

    620ae5771848bc425d5d686054019ef8

  • SHA1

    c16fa58a41f6deeb94369bd9371aa7dbd91a014f

  • SHA256

    c0ace3785dd2cf1b9e8696e2e26735ba89800f8e4e1efaa8d23c058b145b04bd

  • SHA512

    65945888bf87d6e2db50b839ae49b245ce4ff5e5ddc74fbac5481b5cf59082fb46f1fc7e0b2985ea0247b9b422c3d75c482480c2bd3b306e8b63f5b860cdbbb0

  • SSDEEP

    3072:DehojATICdjLWBJa07Wyos5EO2cbybKXzOUiVRhAssmDxU:ahcSLWBJa07lwcbybMzlGhA46

Malware Config

Targets

    • Detects SmokeLoader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks