General
Target: 9fbd32c6bb25f6a660696fa9830c5040.exe
Size: 847KB
Sample: 210413-6vjbwh5166
MD5: 9fbd32c6bb25f6a660696fa9830c5040
SHA1: 1e41347d36792e823a8982b10170d83a0722e3cc
SHA256: 5de2819f832f06f69009b07779eacabc1b171540b10689b4b23eaac8f3232e14
SHA512: 3b89b40676449390bfdc139aad1ac664cf14213eeed32dfa8e06671a8bcc97fe6facd42331657bdc220a9e38fee2021b1ea7a1c2ace6b89ec5d31d488eb2bdfb
Static task: static1
Behavioral task: behavioral1
Sample: 9fbd32c6bb25f6a660696fa9830c5040.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 9fbd32c6bb25f6a660696fa9830c5040.exe
Resource: win10v20210408
Malware Config
Extracted
https://u.teknik.io/28oLW.jpg
Extracted
smokeloader
2018
http://94.140.115.43/1/
Targets
Target: 9fbd32c6bb25f6a660696fa9830c5040.exe
Score: 10/10
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Drops file in System32 directory