General
-
Target
93673428ab10fc2ec7e70b06232346d3efaa58db48b904bc51c1a9a9752f2238
-
Size
186KB
-
Sample
211028-rtsdmsgebq
-
MD5
cc0b6e7953afa60c22bf5b04d643bc16
-
SHA1
8bd923ade8f0b90ae4fd16208ed46400003faffe
-
SHA256
93673428ab10fc2ec7e70b06232346d3efaa58db48b904bc51c1a9a9752f2238
-
SHA512
f644b697f778afc1f6df0f8782cff161f22fb55c52c789a11658def1d3c8ee2cebf7dff3c38b20e3acba6dd27ca09898cd93c595dcf30da3db574c7b3c151fdc
Static task
static1
Behavioral task
behavioral1
Sample
93673428ab10fc2ec7e70b06232346d3efaa58db48b904bc51c1a9a9752f2238.exe
Resource
win10-en-20210920
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Extracted
smokeloader
2020
http://brandyjaggers.com/upload/
http://andbal.com/upload/
http://alotofquotes.com/upload/
http://szpnc.cn/upload/
http://uggeboots.com/upload/
http://100klv.com/upload/
http://rapmusic.at/upload/
Targets
-
Target
93673428ab10fc2ec7e70b06232346d3efaa58db48b904bc51c1a9a9752f2238
-
Size
186KB
-
MD5
cc0b6e7953afa60c22bf5b04d643bc16
-
SHA1
8bd923ade8f0b90ae4fd16208ed46400003faffe
-
SHA256
93673428ab10fc2ec7e70b06232346d3efaa58db48b904bc51c1a9a9752f2238
-
SHA512
f644b697f778afc1f6df0f8782cff161f22fb55c52c789a11658def1d3c8ee2cebf7dff3c38b20e3acba6dd27ca09898cd93c595dcf30da3db574c7b3c151fdc
Score 10/10
suricata: ET MALWARE ServHelper CnC Inital Checkin
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Grants admin privileges
Uses net.exe to modify the user's privileges.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies RDP port number used by Windows
-
Sets DLL path for service in the registry
-
Deletes itself
-
Loads dropped DLL
-
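The indicators above (file hashes, the extracted SmokeLoader C2 list, the raw.githubusercontent.com stager URL, and the behavioural signatures for net.exe privilege changes, the RDP PortNumber write and ServiceDll registration) can be turned directly into hunting logic. The script below is an added example, not part of this sandbox report or its tooling: it takes the report's IOCs as constants and runs them over constructed proxy log lines and constructed Sysmon-style host events. The proxy line format ("timestamp src_ip method url status") and the event dictionary shape are assumptions for the example; adapt the parsers to your own telemetry.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report above (hashes, SmokeLoader C2 list, stager URL).
SAMPLE_HASHES = {
    "md5": "cc0b6e7953afa60c22bf5b04d643bc16",
    "sha1": "8bd923ade8f0b90ae4fd16208ed46400003faffe",
    "sha256": "93673428ab10fc2ec7e70b06232346d3efaa58db48b904bc51c1a9a9752f2238",
}
C2_URLS = {
    "http://brandyjaggers.com/upload/",
    "http://andbal.com/upload/",
    "http://alotofquotes.com/upload/",
    "http://szpnc.cn/upload/",
    "http://uggeboots.com/upload/",
    "http://100klv.com/upload/",
    "http://rapmusic.at/upload/",
}
STAGER_URL = "https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1"
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}

# Registry locations behind the "Modifies RDP port" and "Sets DLL path for service" signatures.
RDP_KEY = r"hklm\system\currentcontrolset\control\terminal server\winstations\rdp-tcp"
SERVICES_KEY = r"hklm\system\currentcontrolset\services" + "\\"
# net.exe (or its net1 helper) adding an account to the local Administrators group.
NET_ADD_ADMIN = re.compile(r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+.*\s/add\b")


def hash_matches(data: bytes) -> dict:
    """Compare a file's digests with the report's hashes; True per algorithm that matches."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


def match_proxy_line(line: str):
    """Flag a proxy log line whose URL is a listed C2, the stager, or any path on a C2 host.
    Assumed (constructed) line format: '<timestamp> <src_ip> <method> <url> <status>'."""
    parts = line.split()
    if len(parts) < 5:
        return None
    url = parts[3]
    if url in C2_URLS:
        return ("smokeloader-c2", url)
    if url == STAGER_URL:
        return ("powershell-stager", url)
    host = urlparse(url).hostname
    if host in C2_HOSTS:
        return ("smokeloader-c2-host", host)
    return None


def classify_host_event(ev: dict) -> list:
    """Map an assumed Sysmon-style event dict onto the report's behavioural signatures."""
    hits = []
    if ev.get("type") == "process":
        if NET_ADD_ADMIN.search(ev.get("cmdline", "").lower()):
            hits.append("Grants admin privileges (net.exe localgroup ... /add)")
    elif ev.get("type") == "registry":
        key = ev.get("key", "").lower()
        value = ev.get("value", "").lower()
        # Only a change away from the default 3389 is interesting.
        if key == RDP_KEY and value == "portnumber" and str(ev.get("data")) != "3389":
            hits.append(f"Modifies RDP port number ({ev.get('data')})")
        if key.startswith(SERVICES_KEY) and key.endswith(r"\parameters") and value == "servicedll":
            hits.append(f"Sets DLL path for service ({ev.get('data')})")
    return hits


def scan(proxy_lines, host_events) -> list:
    """Run both detectors and return a flat list of (source, finding) tuples."""
    findings = []
    for line in proxy_lines:
        hit = match_proxy_line(line)
        if hit:
            findings.append(("proxy", hit))
    for ev in host_events:
        for hit in classify_host_event(ev):
            findings.append(("host", hit))
    return findings


# Constructed sample telemetry for the example (not captured from the sandbox run).
PROXY_LINES = [
    "2021-10-28T12:00:01Z 10.0.0.5 GET https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1 200",
    "2021-10-28T12:00:07Z 10.0.0.5 POST http://brandyjaggers.com/upload/ 200",
    "2021-10-28T12:00:09Z 10.0.0.5 GET http://szpnc.cn/upload/index.php 404",
    "2021-10-28T12:00:11Z 10.0.0.5 GET https://example.com/ 200",
]
HOST_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net localgroup Administrators backup /add"},
    {"type": "registry", "key": r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp",
     "value": "PortNumber", "data": 3390},
    {"type": "registry", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Svc1\Parameters",
     "value": "ServiceDll", "data": r"C:\ProgramData\svc.dll"},
    {"type": "process", "image": r"C:\Windows\System32\net.exe", "cmdline": "net view"},
]

if __name__ == "__main__":
    for source, finding in scan(PROXY_LINES, HOST_EVENTS):
        print(source, finding)
```

Matching on the C2 host as well as the exact "/upload/" URL is deliberate: SmokeLoader beacons to the listed path, but a hit on any path of a known C2 host is still worth triage, whereas the stager URL is matched exactly because raw.githubusercontent.com itself is not malicious.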