General
Target: Proforma Invoice.doc
Size: 1.1MB
Sample: 201220-xnjw6gb2en
MD5: 1e1396f3c19ca0da565796765dfdc86e
SHA1: f88aec3c6a465ffa3f02a7310f6e68961412306f
SHA256: 32cdde71950a516a92c69589e51435fee3478d90dd715a9c624aa140d81fd8c6
SHA512: e117a7ba4759973f1c97d6b9ec8fffbb56065518e69f0999441794280693a7d3904ba5139af51a95cd9d9fff2a0274f1c1763405b832e0ff2a5ee9ec6379b0e2
Static task: static1
Behavioral task: behavioral1 (Sample: Proforma Invoice.doc, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Proforma Invoice.doc, Resource: win10v20201028)
Malware Config
Extracted URLs (scheme case kept exactly as extracted from the sample):
httPs://paste.ee/r/Mjoao
httPs://paste.ee/r/w1KCp
Extracted family: smokeloader
Version: 2018
C2: http://vipengland.com/2/
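The two paste.ee URLs are extracted with a mixed-case scheme ("httPs"), which is enough to slip past a literal, case-sensitive match on "https://". The following is an added example (mine, not part of the Triage report or of the sample) showing how to extract, normalise and defang such URLs before they go into a blocklist or a ticket. The three URL strings are copied from the report; the regex, the normalisation rule (lower-case scheme and host only, never the path) and the defang format are my own choices, and the text blob used for extraction is constructed.

```python
"""Normalise and defang the URLs from the Malware Config block above.

Added example, not part of the Triage report or of the sample. The three
URL strings are copied from the report; the extraction regex, normalisation
and defang rules are my own choices.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# Copied verbatim from the report. The mixed-case scheme ("httPs") matters:
# a case-sensitive match on "https://" would not find the paste.ee URLs.
EXTRACTED_RAW = [
    "httPs://paste.ee/r/Mjoao",
    "httPs://paste.ee/r/w1KCp",
    "http://vipengland.com/2/",
]

# Case-insensitive so odd scheme/host casing in a strings dump is still caught.
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)


def normalize_url(raw: str) -> str:
    """Lower-case scheme and host only.

    RFC 3986 makes scheme and host case-insensitive, but the path is not:
    paste.ee IDs such as "Mjoao" must keep their case or the lookup breaks.
    """
    p = urlsplit(raw)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment))


def defang(url: str) -> str:
    """Render a (normalised) URL unclickable for tickets and reports."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp")
    host = p.netloc.replace(".", "[.]")
    tail = p.path + (f"?{p.query}" if p.query else "")
    return f"{scheme}://{host}{tail}"


def extract_urls(text: str) -> list:
    """Pull URLs out of free text (a strings dump, a decoded config blob),
    normalised and de-duplicated, in first-seen order."""
    found = []
    for m in URL_RE.finditer(text):
        # Trailing sentence punctuation is not part of the URL.
        u = normalize_url(m.group(0).rstrip(".,;)"))
        if u not in found:
            found.append(u)
    return found


def host_blocked(url: str, blocked_hosts) -> bool:
    """Blocklist check on the host part, so case tricks in the scheme or host
    cannot slip past a literal string compare."""
    return urlsplit(normalize_url(url)).hostname in {h.lower() for h in blocked_hosts}


if __name__ == "__main__":
    for raw in EXTRACTED_RAW:
        print(f"{raw:28} -> {defang(normalize_url(raw))}")
```

The point of `normalize_url` keeping the path untouched is that paste.ee paste IDs are case-sensitive; lower-casing the whole string would produce an IOC that no longer resolves to the same paste when someone tries to pull it for analysis.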
Targets
Target: Proforma Invoice.doc
Size: 1.1MB
MD5: 1e1396f3c19ca0da565796765dfdc86e
SHA1: f88aec3c6a465ffa3f02a7310f6e68961412306f
SHA256: 32cdde71950a516a92c69589e51435fee3478d90dd715a9c624aa140d81fd8c6
SHA512: e117a7ba4759973f1c97d6b9ec8fffbb56065518e69f0999441794280693a7d3904ba5139af51a95cd9d9fff2a0274f1c1763405b832e0ff2a5ee9ec6379b0e2
Score: 10/10
Signatures:
- Blocklisted process makes network request (network activity from a process that should not normally initiate connections)
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry (disk information is often read in order to detect sandboxing environments)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (commonly used to redirect a suspended thread into injected code, as in process hollowing)
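The "Maps connected drives based on registry" signature is worth a closer look because it is an evasion check, not payload behaviour: if the strings it finds name a hypervisor, the sample can simply stop. The following is an added example (mine, not from the report or the sample) that emulates that check so an analyst can see what an analysis VM leaks, and includes a small helper for matching the key in a registry-access log. The report does not say which key the sample reads; HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum is an assumption (it is the usual source of attached-disk instance paths), the marker list is mine, and the two registry snapshots are constructed.

```python
"""Emulate the registry read behind "Maps connected drives based on registry".

Added example, not from the report or the sample. The report does not say
which key the sample reads; the key below is an assumption (it is the usual
source of attached-disk instance paths on Windows). Purpose: show which
strings in a sandbox image would give it away, and what the access looks
like so it can be matched in a registry-access log.
"""
import re

# Assumed key: HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum. Its "0", "1", ...
# values hold the device instance path of every attached disk.
DISK_ENUM_KEY = r"SYSTEM\CurrentControlSet\Services\Disk\Enum"

# Vendor/product fragments that appear in the disk paths of common hypervisors.
VM_MARKERS = ("vmware", "vbox", "virtualbox", "qemu", "virtual", "xen")


def vm_markers_in(values: dict) -> list:
    """Return (value_name, data, marker) for each string value that looks like a VM disk."""
    hits = []
    for name, data in values.items():
        if not isinstance(data, str):       # Count/NextInstance are DWORDs; skip them
            continue
        low = data.lower()
        for marker in VM_MARKERS:
            if marker in low:
                hits.append((name, data, marker))
                break
    return hits


def read_disk_enum() -> dict:
    """Read the live key on Windows. Returns {} on other platforms or if the key is missing."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, DISK_ENUM_KEY) as key:
            index = 0
            while True:
                try:
                    name, data, _type = winreg.EnumValue(key, index)
                except OSError:             # no more values
                    break
                values[name] = data
                index += 1
    except OSError:
        return {}
    return values


def registry_path_is_disk_enum(path: str) -> bool:
    """Detection-side helper: does a logged registry path (any hive prefix, any
    ControlSetNNN alias, with or without a trailing value name) point at the
    disk enumeration key?"""
    pattern = r"SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\Disk\\Enum(\\[^\\]+)?$"
    return re.search(pattern, path, re.IGNORECASE) is not None


# Constructed sample data (not from the report), shaped like real Disk\Enum contents.
SAMPLE_VBOX = {
    "Count": 1, "NextInstance": 1,
    "0": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1e3b45a0&0&0.0.0",
}
SAMPLE_BARE_METAL = {
    "Count": 1, "NextInstance": 1,
    "0": r"SCSI\Disk&Ven_NVMe&Prod_Samsung_SSD_970\4&2a7e12f0&0&000000",
}


if __name__ == "__main__":
    live = read_disk_enum() or SAMPLE_VBOX   # fall back to the constructed snapshot off-Windows
    for name, data, marker in vm_markers_in(live):
        print(f"value {name!r} leaks hypervisor marker {marker!r}: {data}")
```

Run on the analysis VM itself, a non-empty result from `vm_markers_in(read_disk_enum())` means a sample reading this key would identify the sandbox; the usual remedy is to change the virtual disk's vendor/model identifiers in the hypervisor configuration rather than to edit the registry, since the key is rebuilt from the device tree at boot. On the detection side, a registry-read event whose path satisfies `registry_path_is_disk_enum` coming from a document-handling process is a reasonable low-noise hunt query.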