General
Target: 7a17cc5e2f7fafb6e040e2ff30272bea15d58b6ac404974286ea1dedf559b7ee-20210418-062646
Size: 651KB
Sample: 210418-k4h8bafp36
MD5: 3d5917ec81fef2ab9f770af3718190e7
SHA1: 5c3dea2f2563e32d769e2b8bed5bcb61f9449af6
SHA256: 7a17cc5e2f7fafb6e040e2ff30272bea15d58b6ac404974286ea1dedf559b7ee
SHA512: 9505966104ab992c4f995d9c509721326ea928a133ffd4b8a365303a58680d29e290fb54e25f18b5a5bd284ce5be2a47d9ac694f4f24343c220756bdfe8d291c
Static task: static1
Behavioral task: behavioral1
  Sample: 7a17cc5e2f7fafb6e040e2ff30272bea15d58b6ac404974286ea1dedf559b7ee-20210418-062646.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 7a17cc5e2f7fafb6e040e2ff30272bea15d58b6ac404974286ea1dedf559b7ee-20210418-062646.exe
  Resource: win10v20210408
Malware Config
Extracted: smokeloader
  2020
  http://185.215.113.28/
Extracted: raccoon
  169c5d05b5c705c55b29ba643be50dda8caffc2e
  url4cnc: https://tttttt.me/umiumitfr3
Targets
Target: 7a17cc5e2f7fafb6e040e2ff30272bea15d58b6ac404974286ea1dedf559b7ee-20210418-062646
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext