General
Target: 7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91.exe
Size: 181KB
Sample: 200827-m1jren2nas
MD5: 80d3605d4b180cdd2fef6cb6312942bd
SHA1: 12386eee0db55c3c612c92b7912d6f5eceaaffdc
SHA256: 7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91
SHA512: cfb0f5785978586aeaec6a832f0dfae13039c07f977f0afb63fcdbb27981b7bc95ecaf202c7a5ddfec9b47bbf1c5c00c2cfdbc471035311b2458dec6a2e65fd9
Static task: static1
Behavioral task: behavioral1 (sample 7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91.exe, resource win7v200722)
Behavioral task: behavioral2 (sample 7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91.exe, resource win10)
Malware Config
Extracted family: smokeloader (version 2020)
C2 URLs:
http://rexstat35x.xyz/statweb955/
http://dexspot2x.xyz/statweb955/
http://atxspot20x.xyz/statweb955/
http://rexspot7x.xyz/statweb955/
http://fdmail85.club/statweb955/
http://servicem977x.xyz/statweb955/
http://advertxman7x.xyz/statweb955/
http://starxpush7x.xyz/statweb955/
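All eight C2 URLs share the path /statweb955/, which makes the path itself a useful indicator for campaigns that rotate domains. The script below is an added example, not part of the sandbox report: it derives the domain set and shared path from the extracted config, then classifies constructed proxy log lines (the "client method url status" layout is assumed, as is the hostname newdomain99x.xyz). Only POST requests are matched on path alone, since SmokeLoader check-ins are POSTs; a GET to a same-path URL on an unrelated host is not flagged.

```python
# Added example (not part of the sandbox report): turn the extracted
# SmokeLoader C2 list into indicators and match proxy log lines against them.
# The log lines and their "client method url status" layout are constructed.
import re
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's SmokeLoader config.
C2_URLS = [
    "http://rexstat35x.xyz/statweb955/",
    "http://dexspot2x.xyz/statweb955/",
    "http://atxspot20x.xyz/statweb955/",
    "http://rexspot7x.xyz/statweb955/",
    "http://fdmail85.club/statweb955/",
    "http://servicem977x.xyz/statweb955/",
    "http://advertxman7x.xyz/statweb955/",
    "http://starxpush7x.xyz/statweb955/",
]


def indicators(urls):
    """Return (domains, paths): the C2 hostnames and the URI path(s) they share."""
    domains, paths = set(), set()
    for url in urls:
        parts = urlparse(url)
        domains.add(parts.hostname.lower())
        paths.add(parts.path)
    return domains, paths


# Constructed proxy log in an assumed "client method url status" layout.
# newdomain99x.xyz is an invented host standing in for a rotated C2 domain.
SAMPLE_LOG = """\
10.0.0.5 POST http://rexstat35x.xyz/statweb955/ 200
10.0.0.5 GET http://www.example.com/index.html 200
10.0.0.7 POST http://newdomain99x.xyz/statweb955/ 200
10.0.0.9 GET http://fdmail85.club/other/ 404
10.0.0.9 GET http://www.example.com/statweb955/ 200
"""

LOG_RE = re.compile(
    r"^(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify(line, domains, paths):
    """Return (verdict, host) for one log line, or None if benign or unparseable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    parts = urlparse(m["url"])
    host = (parts.hostname or "").lower()
    if host in domains:
        return ("known_c2", host)            # any contact with a listed C2 domain
    if parts.path in paths and m["method"] == "POST":
        return ("c2_path_new_domain", host)  # POST beacon to the shared path on a new domain
    return None


def scan(log_text, urls=C2_URLS):
    """Return [(verdict, host, client), ...] for every matching line in log_text."""
    domains, paths = indicators(urls)
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line, domains, paths)
        if verdict:
            hits.append((verdict[0], verdict[1], line.split()[0]))
    return hits


if __name__ == "__main__":
    for verdict, host, client in scan(SAMPLE_LOG):
        print(f"{client} -> {host}: {verdict}")
```

The fourth sample line is flagged even though its path differs, because any traffic to a listed C2 domain is worth a look; the fifth is not, because a GET to the shared path on an unrelated host is more likely a coincidence than a beacon.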
Targets
Target: 7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91.exe (181KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Dharma: Dharma is a ransomware family that has been seen bundled with a legitimate security-software installer to hide its malicious activity.
Executes dropped EXE
Deletes itself
Drops startup file
Loads dropped DLL
Adds Run key to start application
Drops desktop.ini file(s)
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory
Suspicious use of SetThreadContext (a thread context written into another process is a common process-injection or process-hollowing step)
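The behaviour signatures above are each a simple predicate over the sandbox's event trace, with a little state (which files the sample dropped) shared between them. The script below is an added example, not the sandbox's own rule engine: it evaluates every signature in the list over a constructed, Sysmon-like event stream. The event shape, the dropped file names (svcstat.exe, stat.dll, stat.dat) and the list of IP-lookup hosts are assumptions for illustration.

```python
# Added example (not part of the sandbox report): map Sysmon-style events to
# the behaviour signatures listed above. Events, paths and PIDs are constructed.
from collections import OrderedDict

# Well-known external-IP lookup services (assumed list; extend as needed).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ip-api.com", "checkip.dyndns.org"}

SAMPLE = ("C:\\Users\\user\\Desktop\\"
          "7c9eba57cb8262a908dc10929cf38b8e4e0af9f5a3f69bdf226b151761580e91.exe")
DROPPED = "C:\\Users\\user\\AppData\\Roaming\\svcstat.exe"   # invented dropped EXE
DLL = "C:\\Users\\user\\AppData\\Roaming\\stat.dll"           # invented dropped DLL

# Constructed event stream; field names loosely follow Sysmon.
EVENTS = [
    {"type": "file_create", "image": SAMPLE, "path": DROPPED},
    {"type": "file_create", "image": SAMPLE, "path": DLL},
    {"type": "process_create", "image": DROPPED, "parent": SAMPLE},
    {"type": "image_load", "image": DROPPED, "path": DLL},
    {"type": "file_delete", "image": SAMPLE, "path": SAMPLE},
    {"type": "file_create", "image": DROPPED,
     "path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\"
             "Start Menu\\Programs\\Startup\\svcstat.lnk"},
    {"type": "registry_set", "image": DROPPED,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svcstat",
     "value": DROPPED},
    {"type": "file_create", "image": DROPPED, "path": "C:\\Users\\user\\Documents\\desktop.ini"},
    {"type": "file_create", "image": DROPPED, "path": "C:\\Windows\\System32\\stat.dat"},
    {"type": "network_connect", "image": DROPPED, "host": "api.ipify.org", "port": 80},
    {"type": "api_call", "image": DROPPED, "api": "SetThreadContext", "pid": 1234, "target_pid": 4321},
]


def evaluate(events):
    """Return the signature names that fire, in the order they first fire."""
    dropped = set()          # lower-cased paths written during the trace
    fired = OrderedDict()    # signature name -> index of first triggering event

    def fire(name, idx):
        fired.setdefault(name, idx)

    for idx, ev in enumerate(events):
        kind = ev["type"]
        if kind == "file_create":
            path = ev["path"].lower()
            dropped.add(path)
            if path.endswith("\\desktop.ini"):
                fire("Drops desktop.ini file(s)", idx)
            if "\\windows\\system32\\" in path:
                fire("Drops file in System32 directory", idx)
            if "\\start menu\\programs\\startup\\" in path:
                fire("Drops startup file", idx)
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                fire("Executes dropped EXE", idx)
        elif kind == "image_load":
            path = ev["path"].lower()
            if path in dropped and path.endswith(".dll"):
                fire("Loads dropped DLL", idx)
        elif kind == "file_delete":
            if ev["path"].lower() == ev["image"].lower():
                fire("Deletes itself", idx)
        elif kind == "registry_set":
            if "\\currentversion\\run\\" in ev["key"].lower():
                fire("Adds Run key to start application", idx)
        elif kind == "network_connect":
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                fire("Looks up external IP address via web service", idx)
        elif kind == "api_call":
            # Writing a thread context into another process is the suspicious case;
            # a process adjusting its own threads is ordinary.
            if ev["api"] == "SetThreadContext" and ev.get("target_pid") != ev.get("pid"):
                fire("Suspicious use of SetThreadContext", idx)
    return list(fired)


if __name__ == "__main__":
    for name in evaluate(EVENTS):
        print(name)
```

Ordering matters: "Executes dropped EXE" and "Loads dropped DLL" only fire if the file_create for that path was seen earlier in the trace, which is why the matcher keeps the dropped-file set across events rather than checking each event in isolation.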