General
Target: eb928f21280095b1fd218c00e31a1231.exe
Size: 154KB
Sample: 201228-dh1wxpm58j
MD5: eb928f21280095b1fd218c00e31a1231
SHA1: cb26a64b6df40eaa0f2fb770efc489b3f6cebe10
SHA256: def3ea13d6bea242eceb7a032076e4127b463f83acab8e78bb60ba4ca4ae2709
SHA512: e01c9f42711aad46f8657817fa6f809bc68d638602f3b0eee485832be3bb269128a0994e7bec73646b0f6bd68a61b8200a50d3aa19e6d988bc0c46dae7246bc9
Static task: static1
Behavioral task: behavioral1
  Sample: eb928f21280095b1fd218c00e31a1231.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: eb928f21280095b1fd218c00e31a1231.exe
  Resource: win10v20201028
Malware Config
Extracted
smokeloader
2020
http://vtdilet.com/upload/
http://netvxi.com/upload/
http://tinnys.monster/upload/
Targets
Target: eb928f21280095b1fd218c00e31a1231.exe
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- JavaScript code in executable