General

  • Target

    9913e23613e68044d305f55054bc48f358e330f9b1aff9d8907e81db42dc95be

  • Size

    147KB

  • Sample

    221129-zf2zxshd21

  • MD5

    36d5f397d597da0559116bd6c4e982ad

  • SHA1

    470db622150a659b960c12492cc3e533b715dfdb

  • SHA256

    9913e23613e68044d305f55054bc48f358e330f9b1aff9d8907e81db42dc95be

  • SHA512

    429b558feac209fda4298832c97b31b6b20766388bca303f535e200d4db905f618163feaaa84df62d87245dc9d483fa38b236b74cc24024458b24439391f7a6d

  • SSDEEP

    3072:IDd6zwtI723Up577lNAyWKc24MHC1pcKaulcya:Dzj72SPWXOC1pcKau69

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry (T1012): 1

    • Peripheral Device Discovery (T1120): 1

    • System Information Discovery (T1082): 1

Tasks