General

  • Target

    621ee658e70850994880217aa94f5ecaddea092aed3c8c0559b3a691fd3d10fe

  • Size

    145KB

  • Sample

    221129-y88shage6w

  • MD5

    c14678ef13cd46964aad37709243d78d

  • SHA1

    87e344bee6735eaff0d645b2a2bbee52cdc88d82

  • SHA256

    621ee658e70850994880217aa94f5ecaddea092aed3c8c0559b3a691fd3d10fe

  • SHA512

    778a8b4bdb1e1d3d5c8692212952365405b35223ad40c4824cc6d7687a0005500391d90007333b0a0cbca9c921d17f156594a8a180042990a4d642fc02bdf956

  • SSDEEP

    3072:GDLlTEGUMEK2+Np5cewHXesAfNtdJ7FGyO9m1z0avcr4fNFa:PG+K2w2XebfR5c4IaUrQDa
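Before pivoting on the identifiers above (searching other feeds for the SHA256, comparing a local copy of the sample, fuzzy-matching with SSDEEP), it is worth checking that they are internally consistent: every digest has the length its algorithm produces, the target name is the SHA256, and the SSDEEP block size is the one ssdeep would pick for a 145KB file. The script below is an added example, not part of the original report or the sandbox's own tooling; the digest strings are copied from this page, the byte size is assumed to be 145 * 1024 (the block-size check holds for any size that rounds to 145KB), and the `REPORT` dictionary and function names are illustrative.

```python
"""Consistency checks on the identifiers of a sandbox report (added example)."""
import hashlib
import re
from typing import Dict, List, Tuple

# Values copied from the report on this page; size_bytes is an assumption.
REPORT: Dict[str, object] = {
    "target": "621ee658e70850994880217aa94f5ecaddea092aed3c8c0559b3a691fd3d10fe",
    "size_bytes": 145 * 1024,
    "md5": "c14678ef13cd46964aad37709243d78d",
    "sha1": "87e344bee6735eaff0d645b2a2bbee52cdc88d82",
    "sha256": "621ee658e70850994880217aa94f5ecaddea092aed3c8c0559b3a691fd3d10fe",
    "sha512": "778a8b4bdb1e1d3d5c8692212952365405b35223ad40c4824cc6d7687a0005500391d90007333b0a0cbca9c921d17f156594a8a180042990a4d642fc02bdf956",
    "ssdeep": "3072:GDLlTEGUMEK2+Np5cewHXesAfNtdJ7FGyO9m1z0avcr4fNFa:PG+K2w2XebfR5c4IaUrQDa",
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
SPAMSUM_LENGTH = 64      # ssdeep constants: max length of the first chunk,
MIN_BLOCKSIZE = 3        # and the starting block size


def expected_ssdeep_blocksize(size: int) -> int:
    """Block size ssdeep starts with for a file of `size` bytes: the smallest
    3 * 2**k such that blocksize * 64 >= size. ssdeep only ever halves it
    afterwards (when the first chunk comes out shorter than 32 chars), so a
    reported block size above this value cannot belong to a file of that size."""
    bs = MIN_BLOCKSIZE
    while bs * SPAMSUM_LENGTH < size:
        bs *= 2
    return bs


def parse_ssdeep(sig: str) -> Tuple[int, str, str]:
    """Split 'blocksize:chunk1:chunk2' into its three fields."""
    bs, a, b = sig.split(":")
    return int(bs), a, b


def check_report(r: Dict[str, object]) -> List[str]:
    """Return a list of inconsistencies; an empty list means the report is self-consistent."""
    problems: List[str] = []
    for algo, n in HEX_LENGTHS.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % n, str(r[algo])):
            problems.append(f"{algo} is not {n} lowercase hex characters")
    if r["target"] != r["sha256"]:
        problems.append("target name does not equal the SHA256")
    bs, chunk1, chunk2 = parse_ssdeep(str(r["ssdeep"]))
    is_3_times_pow2 = bs % 3 == 0 and (bs // 3) & (bs // 3 - 1) == 0
    if not is_3_times_pow2:
        problems.append(f"ssdeep block size {bs} is not of the form 3 * 2**k")
    if bs > expected_ssdeep_blocksize(int(r["size_bytes"])):
        problems.append(f"ssdeep block size {bs} is too large for {r['size_bytes']} bytes")
    if len(chunk1) > SPAMSUM_LENGTH or len(chunk2) > SPAMSUM_LENGTH // 2:
        problems.append("ssdeep chunks exceed their maximum lengths (64 and 32)")
    return problems


def digests_of(data: bytes) -> Dict[str, str]:
    """Digests of a local copy of the sample, keyed like REPORT, for comparison."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LENGTHS}


def matches_report(data: bytes, r: Dict[str, object]) -> bool:
    """True when every digest of `data` equals the value in the report."""
    return all(digests_of(data)[algo] == r[algo] for algo in HEX_LENGTHS)


if __name__ == "__main__":
    print(check_report(REPORT) or "report identifiers are self-consistent")
```

`matches_report` is the check to run against a file pulled from another source before trusting that it is the same sample; `check_report` catches copy-and-paste damage in the report itself (a truncated SHA512, a target name that is not the SHA256, an SSDEEP value that cannot belong to a file of this size).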

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
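The five behavioural signatures above are each derivable from an API trace of the run: a write to a file that is later passed to CreateProcess or LoadLibrary, a network read whose first bytes are the MZ header, a SetThreadContext call on a thread belonging to another process (the hollowing sequence of CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext), and a network call made from a process that should not originate traffic. The detector below is an added example that re-derives them from a constructed trace; it is not the sandbox's own signature engine. The event format, the process names, the paths and the list of "blocklisted" network processes are assumptions made for the illustration.

```python
"""Re-derive the report's behavioural signatures from an API trace (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

CREATE_SUSPENDED = 0x00000004

# Assumption: processes a sandbox does not expect to originate network traffic
# on their own; a network call from one of them usually means injected code.
BLOCKLISTED_NETWORK_PROCESSES = {"explorer.exe", "svchost.exe", "winlogon.exe"}
NETWORK_APIS = {"InternetOpenUrlA", "InternetOpenUrlW", "HttpSendRequestA",
                "HttpSendRequestW", "connect", "send"}
DOWNLOAD_READ_APIS = {"InternetReadFile", "recv"}


@dataclass
class Event:
    pid: int                 # calling process
    image: str               # image name of the calling process
    api: str                 # API name as a sandbox hook would record it
    args: Dict[str, object] = field(default_factory=dict)


def scan_trace(events: List[Event]) -> Set[str]:
    """Return the set of signature names triggered by the trace."""
    hits: Set[str] = set()
    dropped: Set[str] = set()        # paths written by monitored processes
    tid_owner: Dict[int, int] = {}   # thread id -> pid of the process owning it

    for ev in events:
        a = ev.args
        if ev.api == "WriteFile":
            dropped.add(str(a["path"]).lower())
        elif ev.api == "CreateProcessW":
            child = int(a["child_pid"])
            tid_owner[int(a["child_tid"])] = child
            # A child started with CREATE_SUSPENDED is the usual first step of
            # process hollowing; the later SetThreadContext is what we flag.
            if str(a["image"]).lower() in dropped:
                hits.add("Executes dropped EXE")
        elif ev.api == "LoadLibraryW":
            if str(a["path"]).lower() in dropped:
                hits.add("Loads dropped DLL")
        elif ev.api in DOWNLOAD_READ_APIS:
            if bytes(a["data"])[:2] == b"MZ":
                hits.add("Downloads MZ/PE file")
        elif ev.api == "SetThreadContext":
            # Rewriting the context of a thread in another process is the
            # injection pattern; setting context on your own thread is not.
            target_pid = tid_owner.get(int(a["tid"]), ev.pid)
            if target_pid != ev.pid:
                hits.add("Suspicious use of SetThreadContext")
        if ev.api in NETWORK_APIS and ev.image.lower() in BLOCKLISTED_NETWORK_PROCESSES:
            hits.add("Blocklisted process makes network request")
    return hits


# Constructed trace for illustration: sample.exe hollows explorer.exe, the
# injected code downloads a PE, drops an EXE and a DLL, runs the EXE, which
# then loads the DLL. None of these paths or hosts come from the report.
TMP = r"C:\Users\user\AppData\Local\Temp"
SAMPLE_TRACE: List[Event] = [
    Event(1000, "sample.exe", "CreateProcessW",
          {"image": r"C:\Windows\explorer.exe", "child_pid": 1100,
           "child_tid": 1101, "flags": CREATE_SUSPENDED}),
    Event(1000, "sample.exe", "WriteProcessMemory", {"pid": 1100}),
    Event(1000, "sample.exe", "SetThreadContext", {"tid": 1101}),
    Event(1100, "explorer.exe", "InternetOpenUrlA", {"host": "203.0.113.5"}),
    Event(1100, "explorer.exe", "InternetReadFile", {"data": b"MZ\x90\x00" + b"\x00" * 60}),
    Event(1100, "explorer.exe", "WriteFile", {"path": TMP + r"\update.exe"}),
    Event(1100, "explorer.exe", "WriteFile", {"path": TMP + r"\helper.dll"}),
    Event(1100, "explorer.exe", "CreateProcessW",
          {"image": TMP + r"\update.exe", "child_pid": 1200, "child_tid": 1201, "flags": 0}),
    Event(1200, "update.exe", "LoadLibraryW", {"path": TMP + r"\helper.dll"}),
]


if __name__ == "__main__":
    for name in sorted(scan_trace(SAMPLE_TRACE)):
        print(name)
```

The ordering matters: a file counts as "dropped" only if a monitored process wrote it earlier in the trace, and a SetThreadContext call is suspicious only when the thread was created by a different process, so a benign program adjusting its own thread context does not fire the rule.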

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 3
    Query Registry (T1012): 2
    Peripheral Device Discovery (T1120): 1

Tasks