Overview

overview

10

Static

static

1

invoice_te...df.lnk

windows7-x64

8

invoice_te...df.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice_template.pdf.lnk

  • Size

    1.3MB

  • Sample

    241106-s5cm1avpgm

  • MD5

    9843c5bbba28871898a11724713926a7

  • SHA1

    28a28d00c8d8a6e284e679cbc94fc586b32650e8

  • SHA256

    1fe661a6f1371bfd4b4c2fdc0e835f8ca8bbdc2d25b00b5b89846fc4cdeea2f1

  • SHA512

    7f2b77ab729c979c2421890d8f80fae7c308d2a3d7f4d3c557373b182311992ef9a2974fd5826d9b57956776a73a70236a0c551161edb315575b51537ef4e936

  • SSDEEP

    24576:TAKPJ5wgA31fynHyzeHW5bdYUqM3656dyBoNMul63RPSl:8kvAlfAHyV36gdAobl

Score
10/10
smokeloaderbackdoordiscoveryexecutiontrojan

Malware Config

Targets

    • Target

      invoice_template.pdf.lnk

    • Size

      1.3MB

    • MD5

      9843c5bbba28871898a11724713926a7

    • SHA1

      28a28d00c8d8a6e284e679cbc94fc586b32650e8

    • SHA256

      1fe661a6f1371bfd4b4c2fdc0e835f8ca8bbdc2d25b00b5b89846fc4cdeea2f1

    • SHA512

      7f2b77ab729c979c2421890d8f80fae7c308d2a3d7f4d3c557373b182311992ef9a2974fd5826d9b57956776a73a70236a0c551161edb315575b51537ef4e936

    • SSDEEP

      24576:TAKPJ5wgA31fynHyzeHW5bdYUqM3656dyBoNMul63RPSl:8kvAlfAHyV36gdAobl

    Score
    10/10
    executionsmokeloaderbackdoordiscoverytrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Smokeloader family

      smokeloader

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks