General
Target: e3bdb5a60e2574eb5796d3d471979b3a8e8bd5223d72560f74d4e5c0fbe25dc6
Size: 186KB
Sample: 211028-sk9r1agefr
MD5: 77402ae9e6880f83a282662fbfdea75c
SHA1: 655495fab60a558634040b83cefe927c3cfa7578
SHA256: e3bdb5a60e2574eb5796d3d471979b3a8e8bd5223d72560f74d4e5c0fbe25dc6
SHA512: 01f179c698e96fb1118ea08a40e96f941cebbf5386f980f832e5339b65c48486fff317208ec5ec50ca9f704bac39960f5d95d92173310cd7992dea6ea3ad29ad
Static task: static1
Behavioral task: behavioral1
Sample: e3bdb5a60e2574eb5796d3d471979b3a8e8bd5223d72560f74d4e5c0fbe25dc6.exe
Resource: win10-en-20210920
Malware Config
Extracted
https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1
Extracted
smokeloader
2020
http://brandyjaggers.com/upload/
http://andbal.com/upload/
http://alotofquotes.com/upload/
http://szpnc.cn/upload/
http://uggeboots.com/upload/
http://100klv.com/upload/
http://rapmusic.at/upload/
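The extracted C2 list can be turned directly into a hunt. The Python below is an added example, not part of the sandbox report or of any tool it references: it indexes the extracted URLs by host, scans proxy-log lines for check-ins and for the PowerShell stager, and emits Suricata host-match rules. The log format, the client IP addresses and the SID range are constructed for illustration; the stager host is shared infrastructure, so it is only matched on the full host plus path.

```python
"""Hunt for the SmokeLoader C2 hosts and the PowerShell stager listed in the
extracted config. Added example, not part of the sandbox report.
The proxy-log lines and the client IPs below are constructed."""
from urllib.parse import urlparse

# C2 URLs copied from the extracted SmokeLoader config above.
SMOKELOADER_C2 = [
    "http://brandyjaggers.com/upload/",
    "http://andbal.com/upload/",
    "http://alotofquotes.com/upload/",
    "http://szpnc.cn/upload/",
    "http://uggeboots.com/upload/",
    "http://100klv.com/upload/",
    "http://rapmusic.at/upload/",
]
# Stager URL from the first extracted config entry. Its host is shared
# infrastructure, so it is only matched on the full host + path.
STAGER_URL = "https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1"


def ioc_index(urls):
    """Map each C2 hostname (lower-cased) to the set of paths the config pairs with it."""
    index = {}
    for u in urls:
        p = urlparse(u)
        index.setdefault(p.hostname.lower(), set()).add(p.path)
    return index


def parse_proxy_line(line):
    """Parse a constructed 'timestamp client method url status' proxy line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    p = urlparse(url)
    return {"ts": ts, "client": client, "method": method,
            "host": (p.hostname or "").lower(), "path": p.path, "status": status}


def hunt(lines, urls=SMOKELOADER_C2, stager=STAGER_URL):
    """Return (client, host, path, kind) for every line touching an IOC.

    kind is 'checkin' when host and path both match the config, 'host-only'
    when only the dedicated C2 host matches (the operator may change paths),
    and 'stager' for the exact stager URL.
    """
    index = ioc_index(urls)
    stager_p = urlparse(stager)
    hits = []
    for line in lines:
        ev = parse_proxy_line(line)
        if ev is None:
            continue
        if ev["host"] in index:
            kind = "checkin" if ev["path"] in index[ev["host"]] else "host-only"
            hits.append((ev["client"], ev["host"], ev["path"], kind))
        elif ev["host"] == stager_p.hostname and ev["path"] == stager_p.path:
            hits.append((ev["client"], ev["host"], ev["path"], "stager"))
    return hits


def suricata_rules(urls=SMOKELOADER_C2, sid_base=9000001):
    """Emit one Suricata HTTP host-match rule per C2 host (SID range is a placeholder)."""
    rules = []
    for i, host in enumerate(sorted(ioc_index(urls))):
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any '
            '(msg:"SmokeLoader C2 host %s"; flow:established,to_server; '
            'http.host; content:"%s"; classtype:trojan-activity; sid:%d; rev:1;)'
            % (host, host, sid_base + i))
    return rules


# Constructed proxy log: one infected client fetching the stager and checking in,
# one clean client.
SAMPLE_PROXY_LOG = [
    "2021-10-28T14:02:11Z 10.0.0.21 GET https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1 200",
    "2021-10-28T14:02:13Z 10.0.0.21 POST http://brandyjaggers.com/upload/ 200",
    "2021-10-28T14:02:15Z 10.0.0.21 POST http://andbal.com/index.php 404",
    "2021-10-28T14:03:00Z 10.0.0.22 GET https://www.example.com/ 200",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_PROXY_LOG):
        print(hit)
    print("\n".join(suricata_rules()))
```

Matching the dedicated C2 hosts on hostname alone, and only the stager on host plus path, keeps the rules useful after the operator rotates paths without alerting on every GitHub fetch.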
Targets
Target: e3bdb5a60e2574eb5796d3d471979b3a8e8bd5223d72560f74d4e5c0fbe25dc6
Size: 186KB
MD5: 77402ae9e6880f83a282662fbfdea75c
SHA1: 655495fab60a558634040b83cefe927c3cfa7578
SHA256: e3bdb5a60e2574eb5796d3d471979b3a8e8bd5223d72560f74d4e5c0fbe25dc6
SHA512: 01f179c698e96fb1118ea08a40e96f941cebbf5386f980f832e5339b65c48486fff317208ec5ec50ca9f704bac39960f5d95d92173310cd7992dea6ea3ad29ad
Score: 10/10
suricata: ET MALWARE ServHelper CnC Inital Checkin
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Grants admin privileges: uses net.exe to modify the user's privileges.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Modifies RDP port number used by Windows
Sets DLL path for service in the registry
Deletes itself
Loads dropped DLL
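Three of the signatures above (the RDP port change, the service DLL path written to the registry, and net.exe changing the user's privileges) map directly to registry and process telemetry. The Python below is an added example, not part of the report: it runs those checks over constructed Sysmon-style events, using the standard Windows registry locations for the RDP listener port and for a svchost-hosted service's ServiceDll value. The service name wksvc2, the account name, the image paths and the port value are made up for the sample events.

```python
"""Detections for three behaviours in the signature list: RDP port change,
service DLL path set in the registry, and net.exe adding a user to the
Administrators group. Added example, not part of the report. The events
below are constructed Sysmon-style records (EventID 13 = registry value set,
EventID 1 = process create); service name, user, paths and port are made up."""
import re

# Registry locations Windows uses for the RDP listener port and for a
# svchost-hosted service's DLL; both ControlSet spellings are accepted.
RDP_PORT_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Control\\Terminal Server"
    r"\\WinStations\\RDP-Tcp\\PortNumber$", re.IGNORECASE)
SERVICE_DLL_RE = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)"
    r"\\Parameters\\ServiceDll$", re.IGNORECASE)
NET_ADMIN_RE = re.compile(r"localgroup\s+administrators\b.*\s/add\b", re.IGNORECASE)
# A service DLL under a user-writable root is what the 'Sets DLL path for
# service' behaviour usually looks like; legitimate service DLLs live under C:\Windows.
UNTRUSTED_ROOTS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def check_rdp_port(ev):
    """Flag a PortNumber write that moves RDP off the default 3389."""
    if ev.get("EventID") != 13 or not RDP_PORT_RE.match(ev.get("TargetObject", "")):
        return None
    m = re.search(r"0x([0-9a-f]+)", ev.get("Details", ""), re.IGNORECASE)
    port = int(m.group(1), 16) if m else None
    if port == 3389:
        return None
    return ("rdp_port_changed", ev.get("Image"), port)


def check_service_dll(ev):
    """Flag a ServiceDll value pointing into a user-writable directory."""
    if ev.get("EventID") != 13:
        return None
    m = SERVICE_DLL_RE.match(ev.get("TargetObject", ""))
    if not m:
        return None
    path = ev.get("Details", "")
    if path.lower().startswith(UNTRUSTED_ROOTS):
        return ("service_dll_untrusted_path", m.group(2), path)
    return None


def check_net_admin(ev):
    """Flag net.exe / net1.exe adding an account to the local Administrators group."""
    if ev.get("EventID") != 1:
        return None
    image = ev.get("Image", "").lower().rsplit("\\", 1)[-1]
    if image not in ("net.exe", "net1.exe"):
        return None
    if NET_ADMIN_RE.search(ev.get("CommandLine", "")):
        return ("admin_group_add", ev.get("CommandLine"))
    return None


CHECKS = (check_rdp_port, check_service_dll, check_net_admin)


def detect(events):
    """Run every check over every event; return the list of hits in event order."""
    hits = []
    for ev in events:
        for check in CHECKS:
            hit = check(ev)
            if hit:
                hits.append(hit)
    return hits


# Constructed events: a benign RDP write at the default port, one moving it to
# 3390 (0xd3e), a ServiceDll under ProgramData, a net1.exe admin add, a benign net use.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\PortNumber",
     "Details": "DWORD (0x00000d3d)"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKLM\\SYSTEM\\ControlSet001\\Control\\Terminal Server\\WinStations\\RDP-Tcp\\PortNumber",
     "Details": "DWORD (0x00000d3e)"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\wksvc2\\Parameters\\ServiceDll",
     "Details": "C:\\ProgramData\\wksvc2\\wksvc2.dll"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\net1.exe",
     "CommandLine": "C:\\Windows\\system32\\net1 localgroup administrators operator /add"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\net.exe",
     "CommandLine": "net use Z: \\\\fileserver\\share"},
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

net.exe hands the real work to net1.exe, so the process check accepts both images; the registry checks accept ControlSet001-style paths because some telemetry reports the resolved control set rather than CurrentControlSet.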