General

  • Target

    9e0ec049617b681301bd6c970c461133e08cb0c0f4bb4be1241dc8ba6de43642

  • Size

    176KB

  • Sample

    221206-d2wt5shc64

  • MD5

    720db43e4861e295f25b13d42c9bd251

  • SHA1

    b1b3e054724bd46390cf634c5788cfa1fb89629c

  • SHA256

    e1c05e0bc465f434765e6cfae937094d7b1268f0a10627fa4ec0816390b6295c

  • SHA512

    69a79ee674be1835e2660ec8b0c8831c5a25d60be91ef86e1338cb20f25896f5ae28ca64812b4bbe20cc4bf3bf5b145305b078093e9839a8cbf3866c8de4083a

  • SSDEEP

    3072:YaFz6Oo/23ln2KuqU4PmH37SV8E9QJ3Z/DuXUP0p7hh45XrpVc:YO2cl/+2WSoZ7uXLp7hh45Xte

Malware Config

Targets

    • Target

      9e0ec049617b681301bd6c970c461133e08cb0c0f4bb4be1241dc8ba6de43642

    • Size

      274KB

    • MD5

      d7de0cc636944a78ef28f674e67798d3

    • SHA1

      3d167a70946f951ca0f29facca8ed3b991d4720a

    • SHA256

      9e0ec049617b681301bd6c970c461133e08cb0c0f4bb4be1241dc8ba6de43642

    • SHA512

      4b6a9fc1787ef06473a353b8abe509e8460fa38be40a45d32783ca190d428bb078d80dbb1fb84be2f706b37ae9621cc671176008a6e10d553a1caa602866e7c4

    • SSDEEP

      3072:7xXV86YGJwDUbcVFxaWR5ReccWtH37SV8EY1Xx0/iVRvJTcpSbP3YgV2qs64j:7VLwBVFxBSKh0/IDc2fVS

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    • Query Registry  1  T1012

    • Peripheral Device Discovery  1  T1120

    • System Information Discovery  1  T1082

Tasks