Resubmissions

19-02-2023 21:04

230219-zwxedaga7w 10

19-02-2023 18:51

230219-xhma5sfg4z 10

General

  • Target

    b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a

  • Size

    227KB

  • Sample

    230219-xhma5sfg4z

  • MD5

    8e9b5572a7470a015a4bd2b91fd78ab0

  • SHA1

    4e4d5406696a6d00bcf54633aba6f2f68c80ad72

  • SHA256

    b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a

  • SHA512

    c7dc66b40a791dd83c3beb44adb010ba7238bc9fc04eeb0c3e172c905a4ef04530dc1447a08d5046b8afb19c4e1ede6aea928edea8f7cfd54dec8ce9b50197af

  • SSDEEP

    3072:sB/aYaPSLD1P/m0a0k0IiqCRfsB5xJ7zg6qeL+VqYsPAl/Mvcf1iBh2s:6LaPSLFm0lJqCRfgdgRjwnPpENiH2

Malware Config

Targets

    • Target

      b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a

    • Size

      227KB

    • MD5

      8e9b5572a7470a015a4bd2b91fd78ab0

    • SHA1

      4e4d5406696a6d00bcf54633aba6f2f68c80ad72

    • SHA256

      b45d683efd7ec95afd23317e2c0e9ca178b16c0d9f4f3c2363035dd10e24698a

    • SHA512

      c7dc66b40a791dd83c3beb44adb010ba7238bc9fc04eeb0c3e172c905a4ef04530dc1447a08d5046b8afb19c4e1ede6aea928edea8f7cfd54dec8ce9b50197af

    • SSDEEP

      3072:sB/aYaPSLD1P/m0a0k0IiqCRfsB5xJ7zg6qeL+VqYsPAl/Mvcf1iBh2s:6LaPSLFm0lJqCRfgdgRjwnPpENiH2

    • Detects Smokeloader packer

    • Panda Stealer payload

    • PandaStealer

      Panda Stealer is a fork of CollectorProject Stealer written in C++.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks