General

  • Target

    e6095c66d27cc8ae85a7873aa49659d3f67f44f1134c0041551c8a0ea609bdf1

  • Size

    188KB

  • Sample

    221124-x989zshd3w

  • MD5

    14b6b36943defce777ef30258d5dde27

  • SHA1

    eb468c764fa0959cec0368c841d1946aedd20e5a

  • SHA256

    e6095c66d27cc8ae85a7873aa49659d3f67f44f1134c0041551c8a0ea609bdf1

  • SHA512

    06ffc4f54e3cba0b4a7cf9434536b55bb715b6249877d36012ff22a35675ce6b4ae3b39f6482227fc92bcd76cf91f1015223533b4a9bd18b5125557964c6c8e9

  • SSDEEP

    3072:+s2zSBiuPT41QLlXngCol5buiMoKtdK8B6veHJD3B1CrQP+Ep3LkTwCXbA:ozSLlXvAtRKS8Ymp7BK2V3LkTR

Malware Config

Targets

    • Target

      e6095c66d27cc8ae85a7873aa49659d3f67f44f1134c0041551c8a0ea609bdf1

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Suspicious use of SetThreadContext

      The API is commonly used together with WriteProcessMemory and ResumeThread for thread hijacking and process hollowing; the sandbox flags it as a behavioural signature, not a static one.
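
Added example, not part of the sandbox report: a Python triage helper that recomputes the four digests listed above for a file on disk, reports which report IOCs match, and scans the raw bytes for API names typical of SetThreadContext-based thread hijacking. The hash values are copied from the report; the function names, the INJECTION_APIS list and any sample bytes are assumptions of this example. SSDEEP is omitted because it is not in the standard library.

```python
"""Triage helper for the hash IOCs and the SetThreadContext signature above.
Example code written for this page; it is not the sandbox's own tooling."""
import hashlib
from pathlib import Path

# Hash IOCs copied from the report (lowercase hex).
REPORT_IOCS = {
    "md5": "14b6b36943defce777ef30258d5dde27",
    "sha1": "eb468c764fa0959cec0368c841d1946aedd20e5a",
    "sha256": "e6095c66d27cc8ae85a7873aa49659d3f67f44f1134c0041551c8a0ea609bdf1",
    "sha512": "06ffc4f54e3cba0b4a7cf9434536b55bb715b6249877d36012ff22a35675ce6b"
              "4ae3b39f6482227fc92bcd76cf91f1015223533b4a9bd18b5125557964c6c8e9",
}

# Assumed list of API names that tend to appear together in thread-hijacking
# and process-hollowing loaders. Their presence in raw bytes is only a hint;
# a packed SmokeLoader stage resolves imports at runtime, so absence proves
# nothing and the sandbox's behavioural signature remains the stronger signal.
INJECTION_APIS = (
    b"SetThreadContext", b"GetThreadContext", b"WriteProcessMemory",
    b"VirtualAllocEx", b"ResumeThread", b"NtUnmapViewOfSection",
)


def hash_bytes(data: bytes, algorithms=("md5", "sha1", "sha256", "sha512")) -> dict:
    """Return the requested digests of `data` as lowercase hex, keyed by name."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def match_iocs(data: bytes, iocs: dict = REPORT_IOCS) -> list:
    """Names of the algorithms whose digest of `data` equals the IOC value.

    A full match on every algorithm identifies the sample. A partial match
    (e.g. md5 only) points at a mistyped or colliding IOC, not at the sample.
    """
    digests = hash_bytes(data, tuple(iocs))
    return sorted(name for name, expected in iocs.items()
                  if digests[name] == expected.lower())


def injection_api_strings(data: bytes) -> list:
    """API names from INJECTION_APIS found as plain ASCII anywhere in `data`."""
    return [name.decode() for name in INJECTION_APIS if name in data]


def triage_file(path) -> dict:
    """Size, digests, IOC matches and injection-API hints for one file."""
    data = Path(path).read_bytes()
    return {
        "size": len(data),
        "hashes": hash_bytes(data),
        "ioc_matches": match_iocs(data),
        "injection_api_strings": injection_api_strings(data),
    }


if __name__ == "__main__":
    import sys
    for sample in sys.argv[1:]:
        print(sample, triage_file(sample))
```

Run it as `python triage.py <file>`; a sample is only confirmed as this report's when `ioc_matches` lists all four algorithms. Comparing the report's SSDEEP against a new file needs the `ssdeep` (or pure-Python `ppdeep`) package, which is why the fuzzy hash is left out here.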

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1 signature

  • Peripheral Device Discovery (T1120): 1 signature

  • System Information Discovery (T1082): 1 signature

Tasks