General

  • Target

    b0135e213cbca3b2ffc49f2fa65d8d39a4d44d85866f501642eb47aa2ba5d068

  • Size

    146KB

  • Sample

    221129-zrghcsae6w

  • MD5

    154bc7a96a9bd108766373524d09d10d

  • SHA1

    7219c69706dbc5f6404e216e605cc157805aee20

  • SHA256

    b0135e213cbca3b2ffc49f2fa65d8d39a4d44d85866f501642eb47aa2ba5d068

  • SHA512

    18501da0e0d75e2ce3c9cc2e1d9c7813b3228b1a098f5af7d6239a1aa9adc5280c5e3ecb54ca46f41c1f68d5cb4be8b729b2315c03f1ccd2e9b4f271648a2594

  • SSDEEP

    1536:0BDdkrxlw3oF9Jp9SQj4dD8GMndfdy28Up5gYmDOomE+wTj62qrRTB69dsnWw4SP:6Ddb3oJndw28Up5QY2ogK4ShOUAW

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    • Query Registry (T1012): 1

    • Peripheral Device Discovery (T1120): 1

    • System Information Discovery (T1082): 1

Tasks