General
-
Target
2c2cb2aa0782874d3c14cdd6f063f979.exe
-
Size
847KB
-
Sample
210413-y5cb33t8pj
-
MD5
2c2cb2aa0782874d3c14cdd6f063f979
-
SHA1
583c43ca939f9d8a4eea53a7d71157ac3571a350
-
SHA256
c508cefc2d6430d8be028c7224aac6641e0da4f072e503261b32b950e0ef21da
-
SHA512
34c35989b80841ce09672856ad8c52475a2fa96da1004a61d2417241a25c12e108439f1c7e4851f125ea6af412e96487da793213f63feebb5ffed8f3a97c9d26
Static task
static1
Behavioral task
behavioral1
Sample
2c2cb2aa0782874d3c14cdd6f063f979.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
2c2cb2aa0782874d3c14cdd6f063f979.exe
Resource
win10v20210410
Malware Config
Extracted
https://u.teknik.io/bHrgG.jpg
Extracted
smokeloader
2018
http://94.140.114.59/1/
Targets
-
-
Target
2c2cb2aa0782874d3c14cdd6f063f979.exe
Score
10/10
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-