General

  • Target

    e0ddfb5a3473969006cc485d8040b5321bc3769e7a5f5dfd7a8a9e5fe1227ac6

  • Size

    342KB

  • Sample

    230125-lw6fdsff48

  • MD5

    87a0c1c312f80b7750ebee3ac4c0670c

  • SHA1

    a0738269e1b869c914767811145149b63db3ae61

  • SHA256

    e0ddfb5a3473969006cc485d8040b5321bc3769e7a5f5dfd7a8a9e5fe1227ac6

  • SHA512

    47dab64a859dec1bfb640316daeede9fe26e50f703f73c4e7ceea2c67d4555279a338e7a6d6c41c5255d970c83f939981564a2b3d8fb3a6cc3b6ba10e031c625

  • SSDEEP

    6144:C9YLM8gPcKQiDKXQmSrweFS0bO+n1QybGDjq7VWRFBMolz90BB:wY4rhQKo2Q3O77VWR5lzKB

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (1)

    T1012

  • Peripheral Device Discovery (1)

    T1120

  • System Information Discovery (1)

    T1082

Tasks