General
Target: 60cdab374236b2efe894bce090719365
Size: 339KB
Sample: 211028-2vkejahafr
MD5: 60cdab374236b2efe894bce090719365
SHA1: fe35e203023a64e0831bdb8b4b27fc28e1feb0db
SHA256: 0c4a2dc11b12ad8545e5397eff8bcde53238c2283905e7b49610f9cafa779800
SHA512: 8654d91ab7c1d824c9802e2395dad3f224fc2417599c359c3d80a89b97b1331c78755369aacd2ec00dea757e165d0b7df87c3dc3ae92574ac735e5e4ee7f4da9
Static task: static1
Behavioral task: behavioral1
  Sample: 60cdab374236b2efe894bce090719365.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: 60cdab374236b2efe894bce090719365.exe
  Resource: win10-en-20210920
Malware Config
Extracted: smokeloader, 2020
Extracted: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
Target: 60cdab374236b2efe894bce090719365
Score: 10/10
Signatures:
suricata: ET MALWARE ServHelper CnC Inital Checkin
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Grants admin privileges: uses net.exe to modify the user's privileges.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Modifies RDP port number used by Windows
Sets DLL path for service in the registry
Deletes itself
Loads dropped DLL