General
Target: 2021ME04LO15.doc
Size: 1.4MB
Sample: 210415-er64pm64ex
MD5: a073a792ee6617735ac30bb43eb61ac7
SHA1: 946c5909cae581f6e8721a8c739f4277f4d03ad8
SHA256: 85ac76220919a37ce00b15eeaf30a0d0c040a4424b06600e53f3bd828bb76678
SHA512: c5c66c684053fd15e582e71d9c8e5764d5496c5620b9693228d7f275c1ccaf73d2a27da2ca2f8b200fe8e5783e487815a0672f88796bdc03923f5832d6e9730e
Static task: static1
Behavioral task: behavioral1
  Sample: 2021ME04LO15.doc
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 2021ME04LO15.doc
  Resource: win10v20210410
Malware Config
Extracted:
  httPs://paste.ee/r/8Ajuy
  httPs://paste.ee/r/StzRu
Extracted: smokeloader 2018
  http://melonco.com/0/
Targets
Target: 2021ME04LO15.doc
Score: 10/10
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext