General

  • Target

    aebe8aa2e72ab13661749f5e0055ffadb251c2f36c4c4e1a9bcabff57c1f7f29

  • Size

    322KB

  • Sample

    230206-syqlaaef38

  • MD5

    838491ef0574f9c44478846d4dfdb95e

  • SHA1

    ea8c6f2439ffdd3206f2731a044fd1187754d5d1

  • SHA256

    aebe8aa2e72ab13661749f5e0055ffadb251c2f36c4c4e1a9bcabff57c1f7f29

  • SHA512

    7c8f13787bfebfa6d448c6be3638282f10e00598770f08b6e0835cdc743a1b0a1807085630d8f9d01d6711214acbf683582f28cd02e09bc5db0dabdcb5c5b28a

  • SSDEEP

    3072:QFzbFIdLskv4CvRKsmYV3utrF7P2F15OScG7LlZzjDC1//+sxA7rrnMV+v3:2GdLf4C8slKrFTw18jGn/DClRkh

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    • Query Registry (T1012): 1

    • Peripheral Device Discovery (T1120): 1

    • System Information Discovery (T1082): 1

Tasks