General
- Target: smokey_loader.exe
- Size: 40KB
- Sample: 200827-84pwc3q9fn
- MD5: 112f0d958cadae441b1b1624e270ce38
- SHA1: c3823572821f717fd6a9537febb66ad566b2081a
- SHA256: b1d0d50f6e59811b2985ddbedbaed3813f5f3b1e81d4c4e3a517b76ac0a53ce8
- SHA512: f444d911b5547e53b953e6500cf81986023667878aef3f787fa7642f211ace315901c1de8c4ef6df4a199e4878c92f2fe45bdb1cacfee2c658c39e4505467e83
Static task: static1
Behavioral task: behavioral1
- Sample: smokey_loader.exe
- Resource: win7v200722
Behavioral task: behavioral2
- Sample: smokey_loader.exe
- Resource: win10
Malware Config
Extracted family: smokeloader
Version: 2020
C2 URLs:
- http://rexstat35x.xyz/statweb955/
- http://dexspot2x.xyz/statweb955/
- http://atxspot20x.xyz/statweb955/
- http://rexspot7x.xyz/statweb955/
- http://fdmail85.club/statweb955/
- http://servicem977x.xyz/statweb955/
- http://advertxman7x.xyz/statweb955/
- http://starxpush7x.xyz/statweb955/
Targets
- Target: smokey_loader.exe
- Size: 40KB
- MD5: 112f0d958cadae441b1b1624e270ce38
- SHA1: c3823572821f717fd6a9537febb66ad566b2081a
- SHA256: b1d0d50f6e59811b2985ddbedbaed3813f5f3b1e81d4c4e3a517b76ac0a53ce8
- SHA512: f444d911b5547e53b953e6500cf81986023667878aef3f787fa7642f211ace315901c1de8c4ef6df4a199e4878c92f2fe45bdb1cacfee2c658c39e4505467e83
Signatures
- Dharma: Dharma is ransomware that uses the installation of security software to hide its malicious activity.
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory