General

  • Target

    eaee7b38e960539c5ae86242b1e3e4455696f956ae26d733b85e1d999e6eb754

  • Size

    188KB

  • Sample

    221124-xqsg5agb9t

  • MD5

    4d2321be70f1eaabf9b7b243f69a8001

  • SHA1

    59db1ed7143319cf03b8b1ac01bc5f5a63c6c6b3

  • SHA256

    eaee7b38e960539c5ae86242b1e3e4455696f956ae26d733b85e1d999e6eb754

  • SHA512

    e1a08111a9bdfd12230ab81426a59f5036b34534e5d94a103a4eeac4a343aa0f03148bbcb915252626d6f53252234f54c09ff73e9a2e07c516adbb4968711165

Malware Config

Targets

    • Target

      eaee7b38e960539c5ae86242b1e3e4455696f956ae26d733b85e1d999e6eb754

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation