General

  • Target: e6095c66d27cc8ae85a7873aa49659d3f67f44f1134c0041551c8a0ea609bdf1
  • Size: 188KB
  • Sample: 221124-x989zshd3w
  • MD5: 14b6b36943defce777ef30258d5dde27
  • SHA1: eb468c764fa0959cec0368c841d1946aedd20e5a
  • SHA256: e6095c66d27cc8ae85a7873aa49659d3f67f44f1134c0041551c8a0ea609bdf1
  • SHA512: 06ffc4f54e3cba0b4a7cf9434536b55bb715b6249877d36012ff22a35675ce6b4ae3b39f6482227fc92bcd76cf91f1015223533b4a9bd18b5125557964c6c8e9

Malware Config

Targets


    • Detects Smokeloader packer
    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

    • Collection
    • Command and Control
    • Credential Access
    • Defense Evasion
    • Execution
    • Exfiltration
    • Impact
    • Initial Access
    • Lateral Movement
    • Persistence
    • Privilege Escalation