General

  • Target

    987123[1].exe

  • Size

    248KB

  • Sample

    240724-x4yw3ashql

  • MD5

    632b2d07e50b196df7d9981ab6e97e7f

  • SHA1

    34ad4d599d258ace18c19a7cc68a714a89809d6a

  • SHA256

    805e284a572c89194c01a4b45018ebd84611a17324115a706ed490d92d30fb6f

  • SHA512

    04dad39193f24d27417ba9124ee2c229fec680476b97efe45fee88670c422d76eb08acb2357b5ed3b028df6e3edb8e99ef7cad9b40567cd99d41a86244733043

  • SSDEEP

    3072:3DwPX0z03zMXam9kU5N3NYFeSJpcC0aFEl9GQ5c4JfXMSS5/8ESPz3JBEGCH:O9MXvnkeoc/aCz5c4JPqmzB

Malware Config

Targets

    • Target

      987123[1].exe

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
