General
Target: 20bce27320334129950e98b7e60d3b55ba86e94174ff8316fc48fe03b8c43585
Size: 240KB
Sample: 220127-ab4khscddr
MD5: bda013087a8132ffc38bf59af9362f50
SHA1: 5217d721e45a3bb2a7606ce81fcf17d33aa806a6
SHA256: 20bce27320334129950e98b7e60d3b55ba86e94174ff8316fc48fe03b8c43585
SHA512: a6557e218b99b8576d9601d99d1c3844eef14f624b488e90ae5bbf5491f596af758c70590df4c8dc2a54abe8073001efc54235c39309d65c12bed152ff5b629e
Static task: static1
Behavioral task: behavioral1
Sample: 20bce27320334129950e98b7e60d3b55ba86e94174ff8316fc48fe03b8c43585.exe
Resource: win10v2004-en-20220112
Malware Config
Extracted
smokeloader
2020
https://oakland-studio.video/search.php
https://seattle-university.video/search.php
Targets
Suspicious use of NtCreateProcessExOtherParentProcess
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
Modifies Windows Firewall
Sets service image path in registry