General
- Target: b0ce4432e309be31158fd005fb98a7c3dc5690dff90e594dbc11f58962358f94
- Size: 145KB
- Sample: 210926-majvyaeff5
- MD5: afd08300114735501f964bdc7e058558
- SHA1: ecfbea95ccd1bc019e7c5e8e7604a68d53e0ec4b
- SHA256: b0ce4432e309be31158fd005fb98a7c3dc5690dff90e594dbc11f58962358f94
- SHA512: 68961a3986ec6bcc92e818720762a2fd82f8fad61ae400d9c2ab2c2733df52d93c2b18e1644cd6e8222b20cdc2747ed8ac66f9e5b4588b3bdc80f652c4a030f1
Static task: static1

Behavioral task: behavioral1
- Sample: b0ce4432e309be31158fd005fb98a7c3dc5690dff90e594dbc11f58962358f94.exe
- Resource: win10-en-20210920
Malware Config

Extracted: smokeloader
- 2020
- http://naghenrietti1.top/
- http://kimballiett2.top/
- http://xadriettany3.top/
- http://jebeccallis4.top/
- http://nityanneron5.top/
- http://umayaniela6.top/
- http://lynettaram7.top/
- http://sadineyalas8.top/
- http://geenaldencia9.top/
- http://aradysiusep10.top/

Extracted: raccoon
- 5ff0ccb2bc00dc52d1ad09949e9c7663bc9ca4d4
- url4cnc: https://t.me/agrybirdsgamerept
Targets
- Target: b0ce4432e309be31158fd005fb98a7c3dc5690dff90e594dbc11f58962358f94
- Size: 145KB
- MD5: afd08300114735501f964bdc7e058558
- SHA1: ecfbea95ccd1bc019e7c5e8e7604a68d53e0ec4b
- SHA256: b0ce4432e309be31158fd005fb98a7c3dc5690dff90e594dbc11f58962358f94
- SHA512: 68961a3986ec6bcc92e818720762a2fd82f8fad61ae400d9c2ab2c2733df52d93c2b18e1644cd6e8222b20cdc2747ed8ac66f9e5b4588b3bdc80f652c4a030f1
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext