General
-
Target
2ec53d53b0a9c74078b4b7bad395f7da9d64701534c4cf526adaaa6044f4e03a
-
Size
207KB
-
Sample
230114-v6rvesfa7v
-
MD5
ae5c1fe126d9c54661e869bb628dde6a
-
SHA1
771b611442c67a6835156c9c9422a52183b08a71
-
SHA256
2ec53d53b0a9c74078b4b7bad395f7da9d64701534c4cf526adaaa6044f4e03a
-
SHA512
c3c655636d5fee3902740695954ee410ff8f7cb9db2daaac65c60bfcd574daf56d64e07ae2d0658c539a4b4e15273aa937f739ac98eec469a2ab3074032feda5
-
SSDEEP
3072:+X++wnnh33F5O5SnJZu58q50Pf2p+vrNQCxcAhAapb:GAhLDJZu58VKNiTp
Static task
static1
Behavioral task
behavioral1
Sample
2ec53d53b0a9c74078b4b7bad395f7da9d64701534c4cf526adaaa6044f4e03a.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
2ec53d53b0a9c74078b4b7bad395f7da9d64701534c4cf526adaaa6044f4e03a
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-