General
-
Target
c226814ae19db524044c01641093716c32cf5bc763e52fc750aa919b74e68593
-
Size
333KB
-
Sample
220126-qvlrtadcal
-
MD5
9346bf0c07dfbb8587c0ee3eaaad88f6
-
SHA1
2ee8e4cee87b7d187e1c56a761ebe1d8cf0c53c0
-
SHA256
c226814ae19db524044c01641093716c32cf5bc763e52fc750aa919b74e68593
-
SHA512
c6fffa6c95fb3e49bc349a4c508109c17b8d5b2a4d2b6b03402861bfb3d36b75c2762811a7348ec0d9fadb071ea34a2dc037fec1219f4ec49b7d486d9a62be40
Static task
static1
Behavioral task
behavioral1
Sample
c226814ae19db524044c01641093716c32cf5bc763e52fc750aa919b74e68593.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
smokeloader
2020
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
-
Target
c226814ae19db524044c01641093716c32cf5bc763e52fc750aa919b74e68593
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Modifies Windows Firewall
-
Sets service image path in registry
-