General
-
Target
04psi.zip
-
Size
100KB
-
Sample
201107-lxpdbv9h4n
-
MD5
ea211b888d483e9d624e7927aa6487bb
-
SHA1
e7cec3c59fb6055ad5c62e1178a96a84e01d2a93
-
SHA256
a10400d1b68c46db52f94a07b4e2714bbcf319778ee9eda05f6aab0e9f545c09
-
SHA512
5c4a0eebc6910a39503d80d7cdcdb2a977576a7fccba7319bfd6434df58ce2e54de2bc4bcc64f0e5141d98f46eba465c79ece11e83d857bb8f9e28fb70817f68
Static task
static1
Behavioral task
behavioral1
Sample
04psi.exe
Resource
win7v20201028
Malware Config
Extracted
smokeloader
2020
http://rexstat35xm.xyz/statweb577/
http://dexspot2cx.club/statweb577/
http://atxspot20cx.best/statweb577/
http://rexspot7xm.xyz/statweb577/
http://datasectex.com/statweb577/
http://servicem977xm.xyz/statweb577/
http://advertxman7cx.xyz/statweb577/
http://starxpush7xm.xyz/statweb577/
Extracted
dridex
10111
194.150.118.7:443
49.212.179.180:3889
69.64.62.4:4443
Targets
-
-
Target
04psi.exe
-
Size
237KB
-
MD5
4bc2708122b1e43131888d1beee6c560
-
SHA1
8a82caf8b8f908898145e953ef8f1e665e8058db
-
SHA256
3fc06d1926ada759903e4ebc197f9da5baa80fb8f729f34395dd7c67e2d58a8c
-
SHA512
fcf714de9ae1d23ebe054f601938653f9643dbbf288319b4c3b2872544dbb2c82c5db8a4abc64a146648da9f5b71760ce485c1b5935473d214736438dffc2749
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
JavaScript code in executable
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-