General
- Target: f8fdee841dc8a4761cef23a6f3c6dfb054591412d486f5b100dab5ff7b772aa3
- Size: 263KB
- Sample: 230112-veq4tace7w
- MD5: 3d2eed5376dd1e1eb2f2e7c87348ba5e
- SHA1: 5360df3454fc959966a4f3931af3439fefb99292
- SHA256: f8fdee841dc8a4761cef23a6f3c6dfb054591412d486f5b100dab5ff7b772aa3
- SHA512: ea117a5fc96ffc6204903055e70a17870a8dbecc601dffc27446c0021f2b78b055acbce08f15b2d296b3f615566fefe2534ace9ab57a0b6f661950723f9add41
- SSDEEP: 6144:BBJLtqc5nc1pmbSFQRdbFnrNGpMskFQH2Yp:BBJRqc5ncPmbSCRjrURkFo2Y
Static task: static1
Behavioral task: behavioral1
- Sample: f8fdee841dc8a4761cef23a6f3c6dfb054591412d486f5b100dab5ff7b772aa3.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext