General

Target:  bd2faaa3e1211c9a88db69a5265b03e1.exe
Size:    271KB
Sample:  220222-r7719aabc2
MD5:     bd2faaa3e1211c9a88db69a5265b03e1
SHA1:    849b918144f5fda0226921a2b5bbaa0176662111
SHA256:  93c049876b916ec5034d9884338be59b11bce8a74f4d0bea329a3ed028c41b88
SHA512:  56c5beff62a02da78b93102411fb8ff77897b3e12d08cc52d3b6b37bfc15a882e32c0822539ab8b4a1b7e4a08d4d196cf5d289670c19183878f9d4ac1d43c298
Static task: static1

Behavioral task: behavioral1
Sample:   bd2faaa3e1211c9a88db69a5265b03e1.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample:   bd2faaa3e1211c9a88db69a5265b03e1.exe
Resource: win10v2004-en-20220113
Malware Config

Extracted: smokeloader
Version:   2020
C2 URLs:
  http://pjure.at/upload/
  http://puffersweiven.com/upload/
  http://algrcabel.ru/upload/
  http://pelangiqq99.com/upload/
  http://elsaunny.com/upload/
  http://korphoto.com/upload/
  http://hangxachtaythodoan.com/upload/
  http://pkodev.net/upload/
  http://go-piratia.ru/upload/
  http://piratia.su/upload/
  https://oakland-studio.video/search.php
  https://seattle-university.video/search.php

Extracted: icedid
Campaign:  1843818144
C2:        grendafolz.com
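The extracted configuration above is only useful once it is turned into indicators that can be checked against telemetry. The following is an added example, not part of the sandbox report: it reduces the SmokeLoader C2 URL list and the IcedID C2 domain to a set of hostnames, runs that set over a few constructed proxy-log lines (the log format, timestamps and client addresses are assumptions for the example), and checks a file's SHA256 against the sample hash.

```python
"""IOC extraction from the SmokeLoader/IcedID config above and a match
against proxy logs. Added example; the log lines below are constructed
and are not from the sandbox report."""
import hashlib
import re
from urllib.parse import urlparse

# Values copied from the report.
SAMPLE_SHA256 = "93c049876b916ec5034d9884338be59b11bce8a74f4d0bea329a3ed028c41b88"
SMOKELOADER_C2 = [
    "http://pjure.at/upload/",
    "http://puffersweiven.com/upload/",
    "http://algrcabel.ru/upload/",
    "http://pelangiqq99.com/upload/",
    "http://elsaunny.com/upload/",
    "http://korphoto.com/upload/",
    "http://hangxachtaythodoan.com/upload/",
    "http://pkodev.net/upload/",
    "http://go-piratia.ru/upload/",
    "http://piratia.su/upload/",
    "https://oakland-studio.video/search.php",
    "https://seattle-university.video/search.php",
]
ICEDID_C2 = ["grendafolz.com"]
ICEDID_CAMPAIGN = 1843818144


def extract_hosts(urls):
    """Lower-cased hostnames from a list of URLs (scheme/path discarded)."""
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def ioc_hosts():
    """All C2 hostnames from both extracted configs."""
    return extract_hosts(SMOKELOADER_C2) | {h.lower() for h in ICEDID_C2}


# Constructed proxy log (assumed format: "<ts> <client> <method> <url> <status>").
SAMPLE_PROXY_LOG = """\
2022-02-22T10:01:03Z 10.0.0.15 POST http://pjure.at/upload/ 200
2022-02-22T10:01:05Z 10.0.0.15 GET https://oakland-studio.video/search.php 200
2022-02-22T10:02:11Z 10.0.0.22 GET https://www.example.com/index.html 200
2022-02-22T10:03:40Z 10.0.0.15 GET https://grendafolz.com/ 200
2022-02-22T10:04:02Z 10.0.0.31 GET http://ALGRCABEL.RU/upload/ 404
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def match_log(log_text, hosts=None):
    """Return (timestamp, client, host, method) for every request whose
    hostname is in the IOC set; comparison is case-insensitive and ignores
    the HTTP status, since a 404 from a C2 host is still a contact."""
    hosts = ioc_hosts() if hosts is None else hosts
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        host = (urlparse(m["url"]).hostname or "").lower()
        if host in hosts:
            hits.append((m["ts"], m["client"], host, m["method"]))
    return hits


def hosts_per_client(hits):
    """Group matched C2 hosts by internal client address for triage."""
    out = {}
    for _ts, client, host, _method in hits:
        out.setdefault(client, set()).add(host)
    return out


def sha256_matches(data):
    """True if the bytes hash to the sample's SHA256 from the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for hit in match_log(SAMPLE_PROXY_LOG):
        print("C2 contact:", hit)
    print(hosts_per_client(match_log(SAMPLE_PROXY_LOG)))
```

Matching on hostname rather than the full URL is deliberate: the `/upload/` path is shared across the SmokeLoader entries and could change, while a contact to any of these hosts is worth a look regardless of path or response code.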
Targets

Target: bd2faaa3e1211c9a88db69a5265b03e1.exe (same file as in General above: 271KB, SHA256 93c049876b916ec5034d9884338be59b11bce8a74f4d0bea329a3ed028c41b88)

Signatures:
  - Suspicious use of NtCreateProcessExOtherParentProcess (a process is created under a parent other than the caller, i.e. parent-PID spoofing)
  - IcedID First Stage Loader
  - Blocklisted process makes network request
  - Downloads MZ/PE file (an executable is fetched over the network)
  - Executes dropped EXE
  - Modifies Windows Firewall
  - Deletes itself (the sample removes its own file after running)
  - Loads dropped DLL
  - Suspicious use of SetThreadContext (a thread's register context is rewritten, the step used by process hollowing and similar injection)