General
-
Target
2021lk049443.doc
-
Size
1.1MB
-
Sample
210413-x7g2m9yczs
-
MD5
67cb98b84a7db5f2f69023b0c5c08309
-
SHA1
9f04a27bb59ac6842ea400c95af131612bfe00f9
-
SHA256
6b2e23e38be7ad27c11af03599f5caaf69dff237e39a5ffb1904db398e613221
-
SHA512
fd6ad0a85ae2cd37e278c5cf702e67508b606108fd2c5854d52e37574088204db47d015251cde5dd75fe60b155440ed0aa8a735fd9b0fc5d423bda58458fb512
Static task
static1
Behavioral task
behavioral1
Sample
2021lk049443.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
2021lk049443.doc
Resource
win10v20210408
Malware Config
Extracted
https://u.teknik.io/28oLW.jpg
Extracted
smokeloader
2018
http://94.140.115.43/1/
Targets
-
-
Target
2021lk049443.doc
-
Score
10/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-