HTML Application (.HTA) files are being used to distribute Smoke Loader malware – SonicWall
Common Information
UUID: 9dae7672-e343-43d6-9d58-206bf8c9e746
Fingerprint: 8c2c3d25adbb0681
Analysis status: DONE
Considered CTI value: 0
Text language:
Published: June 21, 2022, midnight
Added to db: Sept. 26, 2022, 9:34 a.m.
Last updated: Nov. 17, 2024, 6:53 p.m.
Headline: HTML Application files are being used to distribute Smoke Loader malware
Title: HTML Application (.HTA) files are being used to distribute Smoke Loader malware – SonicWall
Detected Hints/Tags/Attributes: 44/3/34