General
Target: 41174d7db173c0fc4e2426f49e66dd78.zip
Size: 52KB
Sample: 210305-scwb66btnx
MD5: e7a652e858d83f85c5897c7fb776f338
SHA1: 5c2dc406c930eccebf13821aec700dcc6dc0eca4
SHA256: 2b229f4b16f55ffe0b5e19e4bcd4249f6171c5d585c3cdff2a937152b744e01e
SHA512: 1f73f22052e1fd1fec5bc1374304e405bfc3d202233a63684078ce925cd274fd8026f3b08e1a99bc9ee129d379c06be63627cefc4f9fcbbbe43e924a061be193
Behavioral task: behavioral1
Sample: ef76b566f621921a14be41f18a89d5b97bc3878cb5b1f1d81d668651d6126fb5.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: ef76b566f621921a14be41f18a89d5b97bc3878cb5b1f1d81d668651d6126fb5.xls
Resource: win10v20201028
Malware Config
Extracted
http://paste.ee/r/Plkrg
Extracted
https://u.teknik.io/ubU1Y.txt
Extracted
smokeloader
2018
http://cfsmarthome.net/1/
Targets
Target: ef76b566f621921a14be41f18a89d5b97bc3878cb5b1f1d81d668651d6126fb5
Size: 96KB
MD5: 41174d7db173c0fc4e2426f49e66dd78
SHA1: 4685a3c3226371580957b3a10b5af5d5f356e798
SHA256: ef76b566f621921a14be41f18a89d5b97bc3878cb5b1f1d81d668651d6126fb5
SHA512: 9a60e2d72d3d610a08fed66fcbcf201c77ae20c852f36cd5c13c4284a7fcbacbf481da7378777fe71157d774b1a854e07c69448d3815942def8406e11915a46b
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-