General

  • Target

    d7326491ebbfe17d5cbbc269e0dba198893a497101461fe698b4def51e74d45a

  • Size

    325KB

  • Sample

    230203-aae6jacc81

  • MD5

    5f6b4c313c698593925aab149837b3eb

  • SHA1

    a0d56074efab2a93ef60abdd93a7c3c304299c78

  • SHA256

    d7326491ebbfe17d5cbbc269e0dba198893a497101461fe698b4def51e74d45a

  • SHA512

    50232da28dedffe39c5fd7f6dab08644de65f9d50ce7d56d59fc42439b83992987ac0fbd1f1c6d3b8d52ec79c5fa5850836727127f8475f88c7ca34747aa4065

  • SSDEEP

    6144:qCkdLTnhNdT+u2uY/Ix2lwKwpxoBjV6ptCbNKNc:qCkdPn/d+8Qs2leoVf

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks