General
Target: 75fac9f347e7490c982648933dcbd2ac988c8f8b551c5faa82a9c3646a747712
Size: 187KB
Sample: 211028-rwsgesgecm
MD5: 93ccc8fe4a66aca193fbaaf89f7f5ac0
SHA1: ba91330f658816bd7bd0904149e9de4bb8d048db
SHA256: 75fac9f347e7490c982648933dcbd2ac988c8f8b551c5faa82a9c3646a747712
SHA512: c6a0e7a5a780a4ae3f52ecf953f3df2b009dcd1d2356914cb79a9a074b62ad1b0e1eb0795f56ac698238a3a7e081f605889f0114c6f0924ca67717d313c60e02
Static task: static1
Behavioral task: behavioral1
Sample: 75fac9f347e7490c982648933dcbd2ac988c8f8b551c5faa82a9c3646a747712.exe
Resource: win10-en-20211014
Malware Config
Extracted: https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Extracted: smokeloader 2020
http://brandyjaggers.com/upload/
http://andbal.com/upload/
http://alotofquotes.com/upload/
http://szpnc.cn/upload/
http://uggeboots.com/upload/
http://100klv.com/upload/
http://rapmusic.at/upload/
Targets
Score: 10/10
suricata: ET MALWARE ServHelper CnC Inital Checkin
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Grants admin privileges: uses net.exe to modify the user's privileges.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Modifies RDP port number used by Windows
Sets DLL path for service in the registry
Deletes itself
Loads dropped DLL