General
-
Target
TRD-ENQ-70-2499-26-SIS.zip
-
Size
91KB
-
Sample
210302-3df6pkq4px
-
MD5
db339e2f4df08ffe54c9a6b104b72577
-
SHA1
e7fcfc6f26114d4dfe6d2cf3ba0a037faa8f92f0
-
SHA256
5336244ea1a4dd0d73a219721a6105f5976af420f4c4e16c6dae5383596d0576
-
SHA512
d3834a0fd297bf2829d543277d840a941dc522a1ff33071ecb8930022f15a79f0af53d83b2a92ebb0cfa8c4e9572b23c15dc5d12f7cdc4b75b05652b457d4ecb
Malware Config
Extracted
http://paste.ee/r/w0yLV
Extracted
https://u.teknik.io/co0r5.txt
Extracted
smokeloader
2018
http://cmcare.ca/1/
Targets
-
-
Target
TRD-ENQ-70-2499-26-SIS.xls
-
Size
155KB
-
MD5
a9f22ee486f5effd62a8880f3472c088
-
SHA1
eb8531c54d4a11add906fbadba9fc2969ed8fc53
-
SHA256
ba7022816b45ca6c627869743cb759207d577d774ac0d81edb5bf20445941115
-
SHA512
88fdd7caa527e34ddfd765b04a9f82a7f4145ed6b6a629e418a28f4c57778c43b8b7402f70549e8a00d4171eb9b7166b72595b951a145b1361df4fac26ab88e9
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-