General
-
Target
16d2593dc48f110a13f5183dc6fc41b0aac37dece66a81fcf1ce8d285620d4d7
-
Size
136KB
-
Sample
220608-254adseadn
-
MD5
2cb2182079dcc5f3d623ea3647a0833a
-
SHA1
c7c86021f19940d435a5db9ac4e7bc5b52d0eb95
-
SHA256
16d2593dc48f110a13f5183dc6fc41b0aac37dece66a81fcf1ce8d285620d4d7
-
SHA512
32be3096fac8e71a4d4710e27477574dd925a098220dc30915f77bbc8767ec99d166cbb118e6d35d24076ac777dca0a24670ab4502569243ee87a99770fe2301
Static task
static1
Behavioral task
behavioral1
Sample
16d2593dc48f110a13f5183dc6fc41b0aac37dece66a81fcf1ce8d285620d4d7.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
16d2593dc48f110a13f5183dc6fc41b0aac37dece66a81fcf1ce8d285620d4d7.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
http://lip4u5.se/cr/
Targets
-
-
Target
16d2593dc48f110a13f5183dc6fc41b0aac37dece66a81fcf1ce8d285620d4d7
Score
10/10
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-