General
-
Target
c65fa1c272dfed333cc5998c8a49afb64f1e29ee034d2028486535e7e312689d
-
Size
333KB
-
Sample
220126-zhanfsabcr
-
MD5
5442c936447943b763574d001e77a70b
-
SHA1
b0dd0c3c0642bc5c175b4ef593b14ef36a6818bb
-
SHA256
c65fa1c272dfed333cc5998c8a49afb64f1e29ee034d2028486535e7e312689d
-
SHA512
decf02649002a0e7f468a15ee074cd6bb4eed3af47167fe619cd42bd042f1c9707c9b6536ebdff12e14ac5851be2b48fc72e5a70d62c3033573d1523c1c3e83e
Static task
static1
Behavioral task
behavioral1
Sample
c65fa1c272dfed333cc5998c8a49afb64f1e29ee034d2028486535e7e312689d.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
smokeloader
2020
http://kotabuki.com/
http://slusextense.com/
http://purekidboo.com/
http://wildzipcode.biz/
Targets
-
-
Target
c65fa1c272dfed333cc5998c8a49afb64f1e29ee034d2028486535e7e312689d
-
Size
333KB
-
MD5
5442c936447943b763574d001e77a70b
-
SHA1
b0dd0c3c0642bc5c175b4ef593b14ef36a6818bb
-
SHA256
c65fa1c272dfed333cc5998c8a49afb64f1e29ee034d2028486535e7e312689d
-
SHA512
decf02649002a0e7f468a15ee074cd6bb4eed3af47167fe619cd42bd042f1c9707c9b6536ebdff12e14ac5851be2b48fc72e5a70d62c3033573d1523c1c3e83e
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Sets service image path in registry
-