General
Target: 478f10e0783a32a7a31258ec48752661.rtf
Size: 1.3MB
Sample: 201211-8nevq1wmyx
MD5: 478f10e0783a32a7a31258ec48752661
SHA1: fa243c063ffeee90057a8eb0427adaa018f96280
SHA256: 34ddcf76eaab0ce9d00cc121ada77e5c2b8ad4a89475a20839ab2f7971d1ca80
SHA512: 7cac616bf90df54e6d0656f6919996c94995184c9ef681c8c692e6ed120a84254e41f2154bf1fec4571cc51a6f54c7f67db13e807f8c80eaa6b53bfdc7ab4fae
Static task: static1
Behavioral task: behavioral1
Sample: 478f10e0783a32a7a31258ec48752661.rtf
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 478f10e0783a32a7a31258ec48752661.rtf
Resource: win10v20201028
Malware Config
Extracted
smokeloader
2018
http://perkyplay.com/z/
Targets
Target: 478f10e0783a32a7a31258ec48752661.rtf
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.