General
- Target: 2021BR04IS15.doc
- Size: 1.4MB
- Sample: 210415-j12plvfr4n
- MD5: dfaff4e0aad9296b882310322c211efa
- SHA1: 7bd779022d831e957078f699119bb60290cde3db
- SHA256: e3148cf77b9313eb1fc2d9c76ff98ea77c878321beb56481f23f37e6c6199ee9
- SHA512: fe9058f368d0ae3b2fa7feba3b07d0610398ab4093df582757d8efb491dab72b72aa0d27728da0704f272a7b700cc51b7e9a09efeed652a19d7f95a5b9d9bace
Static task: static1
Behavioral task: behavioral1
  Sample: 2021BR04IS15.doc
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 2021BR04IS15.doc
  Resource: win10v20210410
Malware Config
Extracted:
  httPs://paste.ee/r/Rbngj
  httPs://paste.ee/r/ezAoz
Extracted: smokeloader
  2018
  http://bristell.com/0/
Targets
- Target: 2021BR04IS15.doc
- Size: 1.4MB
- MD5: dfaff4e0aad9296b882310322c211efa
- SHA1: 7bd779022d831e957078f699119bb60290cde3db
- SHA256: e3148cf77b9313eb1fc2d9c76ff98ea77c878321beb56481f23f37e6c6199ee9
- SHA512: fe9058f368d0ae3b2fa7feba3b07d0610398ab4093df582757d8efb491dab72b72aa0d27728da0704f272a7b700cc51b7e9a09efeed652a19d7f95a5b9d9bace
Score: 10/10
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext