General
-
Target
170a6b093f360a18184b927ec3a52b8e84210eb935b10b951930cabf6c0f8816
-
Size
596KB
-
Sample
220608-17bgqabhfl
-
MD5
09cebcdbf7dcf531aa1dbe2b1cd659af
-
SHA1
fbae87f5e7a952ee0f21f68a293c4088a5ad3022
-
SHA256
170a6b093f360a18184b927ec3a52b8e84210eb935b10b951930cabf6c0f8816
-
SHA512
0d5f46c99cd301fcb4988ff5dd2dac1be09058ee82e132d99e89d03800e1aa783f8a1233a0a6977f2bed39315af0eced755b2f68a57f5591997014b85a9f88c0
Static task
static1
Behavioral task
behavioral1
Sample
170a6b093f360a18184b927ec3a52b8e84210eb935b10b951930cabf6c0f8816.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
170a6b093f360a18184b927ec3a52b8e84210eb935b10b951930cabf6c0f8816.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
https://popandshop.ru/
https://shopandpop.ru/
https://shoptowin.ru/
https://shopandpop.su/
http://googletime.bit/
Targets
-
Target
170a6b093f360a18184b927ec3a52b8e84210eb935b10b951930cabf6c0f8816
-
Size
596KB
-
MD5
09cebcdbf7dcf531aa1dbe2b1cd659af
-
SHA1
fbae87f5e7a952ee0f21f68a293c4088a5ad3022
-
SHA256
170a6b093f360a18184b927ec3a52b8e84210eb935b10b951930cabf6c0f8816
-
SHA512
0d5f46c99cd301fcb4988ff5dd2dac1be09058ee82e132d99e89d03800e1aa783f8a1233a0a6977f2bed39315af0eced755b2f68a57f5591997014b85a9f88c0
Score
10/10
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-