General
- Target: 3c3cf21cd49a4fe0b462395a1c63a1c9b491fd268e2befc22f77b0c7849d55d9
- Size: 210KB
- Sample: 230105-j3qmeaeg8y
- MD5: 075999582d10632046a8fc0434d6899d
- SHA1: fc85d919e44bfbe5f246daaa74bd1eb14c343089
- SHA256: 3c3cf21cd49a4fe0b462395a1c63a1c9b491fd268e2befc22f77b0c7849d55d9
- SHA512: 4d8f86c98499f5819938a8d1ad3dfc06f927b14b053e63f41b0baf9c1e3b02062214b344f7e9c0ef92bf4fc966b4747f1c8eb2f55f9dd41fcc1f0ed8daf397e9
- SSDEEP: 3072:fXuA7duwLNktK+GBHi5+A0CVNZKkTDOZcqZHgH4ASKKyImcTdVfhKNl:PDLN3BHqtV8ZcqZHgH4A+yA30
Static task
static1
Malware Config
Targets
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext