General
-
Target
tryb.doc
-
Size
2.0MB
-
Sample
210303-1p1423y6mj
-
MD5
71fac99c1a854b308c866dc7434be8cb
-
SHA1
a7160abce4a919fe4ffdc0445bd73a7079d629c4
-
SHA256
56976b68d13955db91148d788ecc4b13bbe070c4047736e1d0a086eb3afe57df
-
SHA512
8f8ed5dff1b3d84f01ba2c04c9d362fa2d6d6c54e3c9a6d0b7ef87a39d28596eef74b133b766ae0acbe2c2eff8a8b72303a7420cdec111f37b58cf1f76378009
Static task
static1
Behavioral task
behavioral1
Sample
tryb.doc.rtf
Resource
win7v20201028
Behavioral task
behavioral2
Sample
tryb.doc.rtf
Resource
win10v20201028
Malware Config
Extracted
smokeloader
2018
http://trybobry.com.ua/1/
Targets
-
-
Target
tryb.doc
Score
10/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-