General

  • Target

    4a312d9b5d2ad81ce5da704369f201268fda30a8274136c3595767203e463e9d

  • Size

    1.6MB

  • Sample

    240429-fl54zsbd6z

  • MD5

    7a1a1ef5364d1de84ccda20479a6be66

  • SHA1

    4141826fdaf7c15e6ee2f23ea0bdc2c5ef1e09ae

  • SHA256

    4a312d9b5d2ad81ce5da704369f201268fda30a8274136c3595767203e463e9d

  • SHA512

    7d2cf5b4894af33c56497883b6dc9d0d69ce6beb7bc6615ee2ad0b3bf1467b4e6080ca570cacd112dd011e2764b0bd663a3d05d0a72462cbbbbf49a05a7cca36

  • SSDEEP

    24576:kmZ+I9s6x+YxgS7WvwCB06006XU6DixBQuGmTm:kmZ+Iqyri2NCBL6XU6mbQrm

Malware Config

Extracted

Family

smokeloader

Botnet

pub3

Targets

    • Detect ZGRat V1

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks