General
-
Target
f68d36e493ef79dc5cfeaeed2c60d4a354f7c64cb7874b3b0a6c02b12c7605da
-
Size
176KB
-
Sample
221206-dlfg8acc6t
-
MD5
aa10d7b0715be91b585355c9f30ea1c0
-
SHA1
4c1746255529a82275985b205dcd7144e9fe6736
-
SHA256
4170cbed426a0b916df98ddbc4dd2d20a173486cffb2184f8fa16fc7608514f4
-
SHA512
209ea8de32b9e48694eeaf52c5cb3a32e0479a3f3bfb1de2c83779853fc11c1fc801d5f4d67702285030509b7eee06d1774cd24d48158a296bea36895444a7be
-
SSDEEP
3072:DCBynHKRrfzQm0rHh+KoinRcqtknv7z8VS6fqzjgKiapG4OF1IBfd:kynqRD8nHsKZRKvHIfqzMKiaofmVd
Malware Config
Targets
-
-
Target
f68d36e493ef79dc5cfeaeed2c60d4a354f7c64cb7874b3b0a6c02b12c7605da
-
Size
274KB
-
MD5
92c03588339f6667ac2f0b61d6838fbe
-
SHA1
126cc4fc9a67d3a17e768d2d0f9fd09e1dcd1e74
-
SHA256
f68d36e493ef79dc5cfeaeed2c60d4a354f7c64cb7874b3b0a6c02b12c7605da
-
SHA512
0d1de1ff82f9514e61f0bd162bee8774d92d7f8e6ff6ac26b6104302274e4add68203856809e1c49f3bce15038574be093998231e2171f79b39557abb0618122
-
SSDEEP
3072:OWXVKdi1YUO28RpfxnOaWR5snTyR1+9LzynRcqtknv7z8Vpos/uiVRvJTcpAc9E4:O+g7fxn1TyRoWRKvHU/uIDcucyVS
Score10/10-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-