General

  • Target

    2fa1b36ec12cfb8468868b302c85d932424d428b980d2ed8854cf48a0ecab2b9

  • Size

    273KB

  • Sample

    221206-dsvwgscc61

  • MD5

    eb9789fe77151a7e52b9f73a921231c7

  • SHA1

    4f7755391003bb102269645de1e64b94e9041f3d

  • SHA256

    2fa1b36ec12cfb8468868b302c85d932424d428b980d2ed8854cf48a0ecab2b9

  • SHA512

    c26c8dd93867b91057dae52e68a2298923fa966382d0e529a2c066392db37ae333c826cd5c756971bfcdc15e21aebbb65e97d53f58e14dce3507452effe72426

  • SSDEEP

    3072:gBXVf6YeFvwTAJQhiWR5gSMmBlCRwXj12j0OfIjdbdiVRvJTcpyoSbMY5XYgV2qI:glsVJQhnkRwzDOfuxIDcJKVS

Malware Config

Targets

    • Target

      2fa1b36ec12cfb8468868b302c85d932424d428b980d2ed8854cf48a0ecab2b9


    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry: T1012 (1)

  • Peripheral Device Discovery: T1120 (1)

  • System Information Discovery: T1082 (1)

Tasks