General
Target: New Order.doc
Size: 2.1MB
Sample: 210305-zt2l2alltn
MD5: 1520f6a4a26f78c2e48798177d9eeb98
SHA1: 551262272bc63fe224d4f9bb50abbc70e7028ac5
SHA256: ce5fdea4f80dbef6108295b6216ef43769683c384a4779e9042da6c1ddf4638c
SHA512: 7da17e9bfd098ea1f75dfd1ec791f64ab09c0290aa3069c308e0db566b3fefe39f3734903f5c8b0f20cac5a020949ef1e9f700f322c1b93c000735a5d784542f
Static task: static1
Behavioral task: behavioral1
Sample: New Order.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: New Order.doc
Resource: win10v20201028
Malware Config
Extracted
https://u.teknik.io/co0r5.txt
Extracted
smokeloader
2018
http://cmcare.ca/1/
Targets
Target: New Order.doc
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Maps connected drives based on registry: Disk information is often read in order to detect sandboxing environments.
Drops file in System32 directory