General
-
Target
file.exe
-
Size
189KB
-
Sample
221125-c4qkgafa73
-
MD5
a982a085ccfbb87440d2d71c09400544
-
SHA1
fee3ff24928d845834f95a12b7bff4e19bc60526
-
SHA256
9a903bcc910a8fc2a32f3b1d7bfdaa7c853c0fa897ebfecac469712e02e60ebf
-
SHA512
9d1e9836c00aad20743ff075c42f6448141968887c1dbb3e74e43bb669e12cac0b260452b8287ee598e899a6dc44edda1ce95253cc828f1bae013a43bdcbc052
-
SSDEEP
3072:jH9AJ6Qm1S3ALxt6Fxm7u2D5eS34JCDWyZH3Oy0ZdNdcw31XgooIVr:D9bLxt6FCuaIEZOy0Zpcw31XgoHr
Malware Config
Targets
-
-
Target
file.exe
-
Size
189KB
-
MD5
a982a085ccfbb87440d2d71c09400544
-
SHA1
fee3ff24928d845834f95a12b7bff4e19bc60526
-
SHA256
9a903bcc910a8fc2a32f3b1d7bfdaa7c853c0fa897ebfecac469712e02e60ebf
-
SHA512
9d1e9836c00aad20743ff075c42f6448141968887c1dbb3e74e43bb669e12cac0b260452b8287ee598e899a6dc44edda1ce95253cc828f1bae013a43bdcbc052
-
SSDEEP
3072:jH9AJ6Qm1S3ALxt6Fxm7u2D5eS34JCDWyZH3Oy0ZdNdcw31XgooIVr:D9bLxt6FCuaIEZOy0Zpcw31XgoHr
Score10/10-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-