General
-
Target
4e5d804077ba8a7c49ee9a6a8840333c0a0c3245792145c47c7a1fbce7d00f60
-
Size
240KB
-
Sample
220127-demyqaeecj
-
MD5
c04847618a2ce3ab3d2e772157340d48
-
SHA1
f00fca96dfc403f5292105abc92195075eaf33ff
-
SHA256
4e5d804077ba8a7c49ee9a6a8840333c0a0c3245792145c47c7a1fbce7d00f60
-
SHA512
69fda5d895db56e2a9da4ef52904374631bdb46859f8ae6a301929136e28beb416cf9222ded28f379940c41b23abd2ebe59057876d9c9dd89bd825089edabb27
Static task
static1
Behavioral task
behavioral1
Sample
4e5d804077ba8a7c49ee9a6a8840333c0a0c3245792145c47c7a1fbce7d00f60.exe
Resource
win10-en-20211208
Malware Config
Extracted
smokeloader
2020
Targets
-
suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND
-
suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Deletes itself
-
Accesses Microsoft Outlook profiles
-