General
- Target: 0418508dcc93da9ade2ed5dd5a18dbcea9d98b394d206abee22bad7deaed54f8.zip
- Size: 160KB
- Sample: 220222-v9179sbga3
- MD5: 2c7cc3e7f613dea6a5f835f6698f8615
- SHA1: 8ffe432e3b65e8b23ba283edae58d1aa15390e57
- SHA256: 68cfdbb6b156ddb0502ff19fe6d6f5135f13bb8f7f785167c080e3f580d1ad78
- SHA512: da2c63d2a5392c2765f1bdbe0469d12682a803910849c8f34eec73e0d21c8bf4993ba4e719c4c0ea6a496e43eb5a251448b2c9a0bd15f5e66d19ff320554bdb6
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 0418508dcc93da9ade2ed5dd5a18dbcea9d98b394d206abee22bad7deaed54f8.exe
  - Resource: win7-en-20211208

Behavioral task
- behavioral2
  - Sample: 0418508dcc93da9ade2ed5dd5a18dbcea9d98b394d206abee22bad7deaed54f8.exe
  - Resource: win10v2004-en-20220112
Malware Config
Extracted: smokeloader
- 2020
Extracted: icedid
- 1843818144
- grendafolz.com

Extracted: raccoon
- 9185b8c5d1dac158cc47aef92b143671d2c3a9bf
- url4cnc
Targets
- Target: 0418508dcc93da9ade2ed5dd5a18dbcea9d98b394d206abee22bad7deaed54f8
- Size: 267KB
- MD5: 5478d0872828e7cc05b8c3d59877de57
- SHA1: b8a74db005723b3431825d188ea7a03c5f7116c9
- SHA256: 0418508dcc93da9ade2ed5dd5a18dbcea9d98b394d206abee22bad7deaed54f8
- SHA512: c09553be0d69e75bed30c572a98dc86c5373c2adbedb7be31d1fc1a45b66020b24830be1bdad077015394d8ddc40c9fdeaa687fb91e000a9764b5f5a0a7c08b2
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess
- IcedID First Stage Loader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Deletes itself
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext