General

  • Target

    14a10fc4f2e38e3581b570c2cdc82fbdc084110d8849fee3161ac009ebd5baf3

  • Size

    105KB

  • Sample

    221129-z3f1zabg5x

  • MD5

    a3f46937d61b68535941113edfbf6f41

  • SHA1

    7949d0f1690e37a84f06672b073cfc7ea5db14e4

  • SHA256

    97f44841a8ff68e12b34c470767d5ab89b64e742a922e033a7e23a40be29ec07

  • SHA512

    939d6983db7180fc1a2c569d656f05b37292cddc75f8ec466d13cd42babf7b427a17476c50715d03bdf0a65edb8b70aa05b74cbfd7710d7a68f512e0b6a06e18

  • SSDEEP

    3072:0+lsN5ZsgbLAmFG3ws6UUXPFdRmPLMXBUOtnp0FK:HsNLsgfHGgBUaRmPwXttp0c

Malware Config

Targets

    • Target

      14a10fc4f2e38e3581b570c2cdc82fbdc084110d8849fee3161ac009ebd5baf3

    • Size

      148KB

    • MD5

      3ed4b941f32af8f49c6d909298b7b905

    • SHA1

      1f6a142ea388e789d6624eccf9adf57876bf461d

    • SHA256

      14a10fc4f2e38e3581b570c2cdc82fbdc084110d8849fee3161ac009ebd5baf3

    • SHA512

      e1c1ff2f9ca9a88967ce777689aebe522832637cfc9e6567d5e55a549c40e47dcdcd7641fd1af6388994a21dcd7aaa04546dd329411cea9753f0a655b224c625

    • SSDEEP

      3072:1oCEa2RDyk0mn5VBOPdycwFkIR6CUk8EyOhYQq1M:7sDyk0qOPSkIEsyO3h

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic              Technique                       Count  ID
Defense Evasion     Modify Registry                 1      T1112
Credential Access   Credentials in Files            1      T1081
Discovery           Query Registry                  3      T1012
Discovery           System Information Discovery    3      T1082
Discovery           Peripheral Device Discovery     1      T1120
Collection          Data from Local System          1      T1005
Collection          Email Collection                2      T1114

Tasks