General
-
Target
4da9e075945487af345cd21b7d72c39e1143c606f05943572002d2bc8839335a
-
Size
357KB
-
Sample
220126-14gvbsbbbk
-
MD5
a5a3552609dd9aeb0333271b7480433f
-
SHA1
4f1f224748911e46d835eaf2f3ed30db739861c4
-
SHA256
4da9e075945487af345cd21b7d72c39e1143c606f05943572002d2bc8839335a
-
SHA512
499f4111a3370f8eaa8dcc56df71d25546b5960ea3d0b3eaae2667ec58aa84b16e8a91090c250c14234930dc59b61fe169dd0dfb2344ebdb64a09303726bc07a
Static task
static1
Behavioral task
behavioral1
Sample
4da9e075945487af345cd21b7d72c39e1143c606f05943572002d2bc8839335a.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
smokeloader
2020
Targets
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Sets service image path in registry
-