General
-
Target
def91d01e64892f2b720ceec7b0e5774b7ee0a14e709d3477761a1d372d8a622
-
Size
176KB
-
Sample
221206-cp6m5sbe7x
-
MD5
4c2b891ecb8d0e7b7b422c5608c0d2a2
-
SHA1
487ddfc428f8c10b9129007d8dd2877fbd15ddee
-
SHA256
6c894d47a0f8c38a33c40f89c91626ae76dad1ced9e375c5b62fa4606230a1be
-
SHA512
bb66e753244b565a6316aa1b44832ce57f198942c09315782815e4927469c986d46e4a7032cd7dc71fcb14744b275515d37c0fb9df023795b1ea7c3cbc3760d6
-
SSDEEP
3072:aDNODspM2IjYcHn7i1N33iTybc71E1Bt2izUsggk2mOZWnWmaRZaC187dg2GmP:5flV7AnMyA721mIU9gk2cARZaTgGP
Malware Config
Targets
-
-
Target
def91d01e64892f2b720ceec7b0e5774b7ee0a14e709d3477761a1d372d8a622
-
Size
274KB
-
MD5
f20d7caaa09e7b79277ce088ceb61888
-
SHA1
2789b4652a4ec700927c4a6ee28ac3ac802afdde
-
SHA256
def91d01e64892f2b720ceec7b0e5774b7ee0a14e709d3477761a1d372d8a622
-
SHA512
211af48dc436b93ea68bc667236cb1588a37ba10128757adddb3f582393faae2acc31351773c0e59738fe1f2bf660c7676122370ecca789e606359b95f04d32f
-
SSDEEP
6144:NOHyMsBtyXs721mIU9gzgkoIDc57brVS:NOHyjt361OIgKDc57nVS
Score10/10-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-