General
Target: 179d7cf2c6e16d7247aa3e2dc54c7c3cb4e2c04eeef43ec26d181b476a582333
Size: 191KB
Sample: 220608-y5t5yabgc9
MD5: 98e4e3abda01fbfa7580166b057f8854
SHA1: a3b2f315b2c9ad0f73e21fa07f63d2ca6431362f
SHA256: 179d7cf2c6e16d7247aa3e2dc54c7c3cb4e2c04eeef43ec26d181b476a582333
SHA512: 53438154c43b0f00c0e1270220b24be41c38a55e05f56a3109b9c0e32a540a7e6f295d568975802222ffe74a947cba1dc198515bd5b95721b74afcce0d4dc373
Static task: static1
Behavioral task: behavioral1
  Sample: 179d7cf2c6e16d7247aa3e2dc54c7c3cb4e2c04eeef43ec26d181b476a582333.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 179d7cf2c6e16d7247aa3e2dc54c7c3cb4e2c04eeef43ec26d181b476a582333.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
http://mailcdn-office365.io/
http://update-vmware-service.com/
http://rocket365.to/
Targets
Target: 179d7cf2c6e16d7247aa3e2dc54c7c3cb4e2c04eeef43ec26d181b476a582333
Score: 10/10
Loads dropped DLL
Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext