General

  • Target

    78cc1ac6964aefbb47531da66d2a2284a801e7dd555413468f975eb713569010

  • Size

    300KB

  • Sample

    230206-yxv29sah9z

  • MD5

    fc87209b84bf6633891b3b326c439fbc

  • SHA1

    15db6ca92e03ab147dcd713190901a891823d67f

  • SHA256

    78cc1ac6964aefbb47531da66d2a2284a801e7dd555413468f975eb713569010

  • SHA512

    a1d329fcfd82ee558bcaffe1f63351e62b147caaa3580477a7d2b05fdcdeeb1f2e9cf5c7e2de48b16440fa0bc39ff62a6b75175e50c57c6f25036f70eebb1c0f

  • SSDEEP

    3072:ClNib6bhxLKVXRGXpf6aCLyKo3SW1+YmNAI917EquQjiMTE5sThCgafj:CGqxLQk5fGL1oiO+YmJduQj9PTwga

Malware Config

Targets

    • Target

      78cc1ac6964aefbb47531da66d2a2284a801e7dd555413468f975eb713569010


    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 3

    Query Registry (T1012): 2

    Peripheral Device Discovery (T1120): 1

Tasks