General
-
Target
cb910537eef3d2844095f2934bc16f00f602ac6efe384cc18a0f7667f2538d48
-
Size
231KB
-
Sample
221226-mg1f9sfh7y
-
MD5
863a4e0dfafeb5d8c5e339485f001d91
-
SHA1
5a0af906dae62411c187f2b9c1d4d65c37bda2eb
-
SHA256
cb910537eef3d2844095f2934bc16f00f602ac6efe384cc18a0f7667f2538d48
-
SHA512
8871d115825c0fcb194befdc09667df8c55368050e97aca2598bffd1de4878490be4f16588856fa34ce2d0870a2c78fecb71f53a34f1a3499a8732061d153b9b
-
SSDEEP
3072:WuI/bLt4ZX5PJ2GIVD3O6wv7fbSyGVQ+3V8zkzlS1g/tK8AFsk7LrcSb54VIcVTk:iLt4ZlJ2leRv7GPVX8zCtK8qskXbIr
Malware Config
Targets
-
-
Target
cb910537eef3d2844095f2934bc16f00f602ac6efe384cc18a0f7667f2538d48
-
Size
231KB
-
MD5
863a4e0dfafeb5d8c5e339485f001d91
-
SHA1
5a0af906dae62411c187f2b9c1d4d65c37bda2eb
-
SHA256
cb910537eef3d2844095f2934bc16f00f602ac6efe384cc18a0f7667f2538d48
-
SHA512
8871d115825c0fcb194befdc09667df8c55368050e97aca2598bffd1de4878490be4f16588856fa34ce2d0870a2c78fecb71f53a34f1a3499a8732061d153b9b
-
SSDEEP
3072:WuI/bLt4ZX5PJ2GIVD3O6wv7fbSyGVQ+3V8zkzlS1g/tK8AFsk7LrcSb54VIcVTk:iLt4ZlJ2leRv7GPVX8zCtK8qskXbIr
Score10/10-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-