Overview

overview

10

Static

static

3

2025-04-01...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-01_f513dc988cb2c77428b754ffb9669040_amadey_konni_smoke-loader

  • Size

    201KB

  • Sample

    250401-sdrylsz1fx

  • MD5

    f513dc988cb2c77428b754ffb9669040

  • SHA1

    e8e5386c5e7e53f0ef1270e92c1b45c2df3bd71a

  • SHA256

    a36bb3dbfa3e5ecbbafc07e1f3829035101a2f5883667bf0cbe2e686857a9ccd

  • SHA512

    80cbb72d888744352db1fe73139aee3beefb3d98f06c91f90cbc87f3be6470f5b890f41d8a75910a50fec7969cf310802bfba05c99ec70b1090789a1f790e99a

  • SSDEEP

    3072:m5S0VvIH4lindUJXw58BkgnyNMIoVtmvVg4gdYbnybcapz/0Ic6o+Fc28V4EK:ma4InuJg58BkgqPoDH49n8Bb/c20Q

Score
10/10
defense_evasiondiscoveryexecutionexploitpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Targets

    • Target

      2025-04-01_f513dc988cb2c77428b754ffb9669040_amadey_konni_smoke-loader

    • Size

      201KB

    • MD5

      f513dc988cb2c77428b754ffb9669040

    • SHA1

      e8e5386c5e7e53f0ef1270e92c1b45c2df3bd71a

    • SHA256

      a36bb3dbfa3e5ecbbafc07e1f3829035101a2f5883667bf0cbe2e686857a9ccd

    • SHA512

      80cbb72d888744352db1fe73139aee3beefb3d98f06c91f90cbc87f3be6470f5b890f41d8a75910a50fec7969cf310802bfba05c99ec70b1090789a1f790e99a

    • SSDEEP

      3072:m5S0VvIH4lindUJXw58BkgnyNMIoVtmvVg4gdYbnybcapz/0Ic6o+Fc28V4EK:ma4InuJg58BkgqPoDH49n8Bb/c20Q

    Score
    10/10
    defense_evasiondiscoveryexecutionexploitpersistenceprivilege_escalationspywarestealertrojan
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

2
T1569

Service Execution

2
T1569.002

Persistence

Create or Modify System Process

4
T1543

Windows Service

4
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

4
T1543

Windows Service

4
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

File and Directory Permissions Modification

1
T1222

Hide Artifacts

2
T1564

Hidden Files and Directories

1
T1564.001

Hidden Users

1
T1564.002

Impair Defenses

5
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

3
T1562.001

Modify Registry

3
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Permission Groups Discovery

1
T1069

Local Groups

1
T1069.001

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Service Stop

2
T1489

Tasks