General

Target: Proforma Invoice.doc
Size: 2.5MB
Sample: 201220-z53mmbzrtn
MD5: f8d74c4e175a21cb8010a56b455d56e0
SHA1: c2fc75b55d8aadb0486adbf6c172dee41591d346
SHA256: 64488d0945d0b02943797f1886fd7d5f075f61445b6c41071a0c77b40eb3649f
SHA512: e20debdf490d024ae84779d98303f8cc9f30b52292cb33731ce890ff07dca622f88fe0dc0e3f83327ca8ee6bf81316846cea4747dbaddd77f175d297f64db819
Static task: static1

Behavioral task: behavioral1
Sample: Proforma Invoice.doc.rtf
Resource: win7v20201028

Behavioral task: behavioral2
Sample: Proforma Invoice.doc.rtf
Resource: win10v20201028

(The .doc target is run in both behavioral tasks as an RTF document, Proforma Invoice.doc.rtf.)
Malware Config

Extracted
URLs:
httPs://paste.ee/r/WX4xy
httPs://paste.ee/r/S4DRb
(The mixed-case "httPs" scheme is reproduced exactly as extracted from the sample; URL schemes are case-insensitive, so normalize before matching these against logs or blocklists.)

Extracted
Family: smokeloader
Version: 2018
C2: http://bearddate.com/1/
Targets

Target: Proforma Invoice.doc
Size: 2.5MB
MD5: f8d74c4e175a21cb8010a56b455d56e0
SHA1: c2fc75b55d8aadb0486adbf6c172dee41591d346
SHA256: 64488d0945d0b02943797f1886fd7d5f075f61445b6c41071a0c77b40eb3649f
SHA512: e20debdf490d024ae84779d98303f8cc9f30b52292cb33731ce890ff07dca622f88fe0dc0e3f83327ca8ee6bf81316846cea4747dbaddd77f175d297f64db819
Score: 10/10

- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
  (Setting another thread's context is a common step in process injection, for example process hollowing; the report flags the API use, not a specific injection technique.)
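The indicators above are only useful if they can be matched reliably. The following is an added example (not part of the sandbox report or its tooling) that takes the hashes and URLs exactly as listed, normalizes the case-mangled "httPs" scheme and host names, verifies a file's digests against all four listed values, and scans a few constructed proxy-log lines. The log field layout (timestamp, client, method, URL) and the log lines themselves are assumptions made for this example; the hash and URL values are copied from the report.

```python
"""IOC matching for the indicators in this sandbox report (added example)."""
import hashlib
from urllib.parse import urlsplit

# File hashes of "Proforma Invoice.doc" as listed in the report.
REPORT_HASHES = {
    "md5": "f8d74c4e175a21cb8010a56b455d56e0",
    "sha1": "c2fc75b55d8aadb0486adbf6c172dee41591d346",
    "sha256": "64488d0945d0b02943797f1886fd7d5f075f61445b6c41071a0c77b40eb3649f",
    "sha512": "e20debdf490d024ae84779d98303f8cc9f30b52292cb33731ce890ff07dca622"
              "f88fe0dc0e3f83327ca8ee6bf81316846cea4747dbaddd77f175d297f64db819",
}

# Network indicators from the extracted configs, copied verbatim. The
# mixed-case "httPs" scheme defeats naive case-sensitive string matching.
REPORT_URLS = [
    "httPs://paste.ee/r/WX4xy",
    "httPs://paste.ee/r/S4DRb",
    "http://bearddate.com/1/",
]


def normalize_url(url: str) -> str:
    """Lower-case scheme and host (case-insensitive per RFC 3986) but keep
    the path as-is: paste IDs and C2 paths are case-sensitive."""
    parts = urlsplit(url.strip())
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path or '/'}"


INDICATOR_URLS = {normalize_url(u) for u in REPORT_URLS}
INDICATOR_HOSTS = {urlsplit(u).netloc for u in INDICATOR_URLS}


def hashes_of(data: bytes) -> dict:
    """Compute the same four digests the report lists for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report_hashes(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison. All four agree for the real sample; a
    partial match means one of the listed values was copied wrongly."""
    actual = hashes_of(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def url_is_indicator(url: str) -> bool:
    return normalize_url(url) in INDICATOR_URLS


def host_is_indicator(host: str) -> bool:
    return host.strip().lower().rstrip(".") in INDICATOR_HOSTS


def scan_proxy_log(lines) -> list:
    """Return (line_number, url, kind) for lines whose URL field matches.
    kind is "url" for an exact indicator URL and "host" for a host-only hit.
    Field layout (timestamp client method url) is assumed for this example."""
    hits = []
    for n, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 4:
            continue
        url = fields[3]
        if url_is_indicator(url):
            hits.append((n, url, "url"))
        elif host_is_indicator(urlsplit(url).netloc):
            hits.append((n, url, "host"))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "2020-12-20T10:01:02Z 10.0.0.5 GET https://paste.ee/r/WX4xy",
    "2020-12-20T10:01:05Z 10.0.0.5 POST http://bearddate.com/1/",
    "2020-12-20T10:01:09Z 10.0.0.7 GET https://example.com/index.html",
    "2020-12-20T10:02:00Z 10.0.0.5 GET HTTPS://PASTE.EE/r/S4DRb",
    "2020-12-20T10:02:30Z 10.0.0.9 GET https://paste.ee/r/unrelated",
]

if __name__ == "__main__":
    for n, url, kind in scan_proxy_log(SAMPLE_LOG):
        print(f"line {n}: {kind} match on {url}")
```

A host-only hit on paste.ee is weak evidence on its own, since it is a public paste service; treat it as a lead to pivot on (which client, when, what was fetched next), whereas an exact URL match or any traffic to the bearddate.com C2 path is a strong indicator. The hash check is worth running before any of this, because a sample re-saved by a mail gateway or a sandbox no longer matches the listed digests.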