General
-
Target
f2b2282a889ead254365b72132d7afd29bd59efd3d60d5669e08f87a639c5ece
-
Size
262KB
-
Sample
220125-t135tsahcm
-
MD5
bc40f27825365026cbec6c48b5ce10d9
-
SHA1
aee0add1e95c97a9a3b659a9dbf490db66f60a05
-
SHA256
f2b2282a889ead254365b72132d7afd29bd59efd3d60d5669e08f87a639c5ece
-
SHA512
9a4720a3985c32017585c0fd72aa0ab8a2481f39effee8276eafa973a36890b92ffa355a97bea68038e1c8ff0f19fb84602747b8fdad417f6bd1ea95efd651bc
Static task
static1
Behavioral task
behavioral1
Sample
f2b2282a889ead254365b72132d7afd29bd59efd3d60d5669e08f87a639c5ece.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
smokeloader
2020
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
-
-
Target
f2b2282a889ead254365b72132d7afd29bd59efd3d60d5669e08f87a639c5ece
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-