General
Target: f2b9b5678dc253d7890a047fb2e7fd12.exe
Size: 184KB
Sample: 211028-nf1ajsgbgr
MD5: f2b9b5678dc253d7890a047fb2e7fd12
SHA1: a10920805fc14fc6146ca5739eccdc2a17411249
SHA256: 146bcad83739e0468694d0db449087942ae8e26dac0044f52fe3f481587d1f7d
SHA512: 5352eaaad96254472c3a205793ce9200d44227b538b57f32aa7edaea055b755bf54a2233cec85c586a2cafdba2a9e164b1ecf71aa4174c9d5a4c4e9bc53af0b8
Static task: static1
Behavioral task: behavioral1
  Sample: f2b9b5678dc253d7890a047fb2e7fd12.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: f2b9b5678dc253d7890a047fb2e7fd12.exe
  Resource: win10-en-20210920
Malware Config
Extracted: smokeloader
  2020
  http://brandyjaggers.com/upload/
  http://andbal.com/upload/
  http://alotofquotes.com/upload/
  http://szpnc.cn/upload/
  http://uggeboots.com/upload/
  http://100klv.com/upload/
  http://rapmusic.at/upload/
Extracted:
  https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Targets
Target: f2b9b5678dc253d7890a047fb2e7fd12.exe (184KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
suricata: ET MALWARE ServHelper CnC Inital Checkin
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Grants admin privileges (uses net.exe to modify the user's privileges)
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Modifies RDP port number used by Windows
Sets DLL path for service in the registry
Deletes itself
Loads dropped DLL