General

  • Target

    file.exe

  • Size

    301KB

  • Sample

    230206-1bwg1sbb8x

  • MD5

    a5e29925fa0dee4effe250e6afa2410c

  • SHA1

    fbb3c6aa742703de4a0cdceca91b3293d11fbbad

  • SHA256

    10aac36c87768abb238e9afbebae4e97b2fb8c6cddad774831a83769c957d443

  • SHA512

    057b5bb28ce6cc0af43a7ae62962b6b8b86f264300ed19a2197c92ae92833eb7f4f6a140961a59ea25758f25ff2a1b60da880d8849c0d5839c2d707a031e88d1

  • SSDEEP

    3072:Cp/b6bP+WLc1RGdZOFjBU0/w8Z2KPyorElUuQjiMTE5kVorNafVi:C9Y+WLc6dZODU0/wPZoIlUuQj9qrNat

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    • Query Registry (T1012): 1 hit

    • Peripheral Device Discovery (T1120): 1 hit

    • System Information Discovery (T1082): 1 hit
