General

  • Target

    743287c61e61d0d52da6ed6bd942697ad13d06e0

  • Size

    118KB

  • Sample

    241109-rnkfvawdpj

  • MD5

    6c2da67acf9ffb676f5405d1ee7a83e5

  • SHA1

    743287c61e61d0d52da6ed6bd942697ad13d06e0

  • SHA256

    d122647aae3de82051e45fca17237f135db57f0929a660cf5e21ebdb4c3e5b47

  • SHA512

    1421d59bd3837326bc2abec7736b33175d2e75e1561f30d65d0f2182f588a7d38fdb6f748868c7e906eedff4af001a611b83280b9e686df12e1b4c31994ac995

  • SSDEEP

    3072:d12e2xooyP5ohvJUxJg0BY9kfV2EXrAMOUG4K1blZ:gxKxo7zHoQ+1OzZ

Malware Config

Targets

    • Target

      2de5fe686b665d9aeb98b075fb139e33fffe278986a15622ea90bcad2f760ab1

    • Size

      247KB

    • MD5

      a149f9c13f37f5c71124e0c26da9b52a

    • SHA1

      2a4961083c2015d449a7fef2042f4cb54a8ebc3d

    • SHA256

      2de5fe686b665d9aeb98b075fb139e33fffe278986a15622ea90bcad2f760ab1

    • SHA512

      fb4f8f7d890b309af5a26fde727a5d777ed6b13e4e3749bfdb965218f3237226541ecb0ce7f8cf96ef36ecee008f8158e6623dbcd7b7704489bb4e9a3f6bcf72

    • SSDEEP

      3072:cnoOkmEQ4Zpc4CRWEFaBP2CudkT2z2y8gzHdwim7E:coOipvcNloB+VdkT2arIN+E

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Smokeloader family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks