General
Target: 21b6917dbd6c7792706156ff1dc72884e12f7e1d9d1b7cb24a0ff8f70d8d0e60
Size: 632KB
Sample: 220612-jjvf9agch3
MD5: 6076c69dd79142ee692e3a22e2d3008f
SHA1: ff02763a1a0aa0d64eb363f064f2bc8d7472621a
SHA256: 21b6917dbd6c7792706156ff1dc72884e12f7e1d9d1b7cb24a0ff8f70d8d0e60
SHA512: 40cc6901c8cc783c9efbcb00f3c3a1f96e1a1baed73eda1ff475be49fc9c1780427c1594ef9602052ab8b7df3028c07cf2499b0c548309e436c1c26759391dfd
Static task: static1
Behavioral task: behavioral1
Sample: 21b6917dbd6c7792706156ff1dc72884e12f7e1d9d1b7cb24a0ff8f70d8d0e60.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 21b6917dbd6c7792706156ff1dc72884e12f7e1d9d1b7cb24a0ff8f70d8d0e60.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: smokeloader (2018)
https://popandshop.ru/
https://shopandpop.ru/
https://shoptowin.ru/
https://shopandpop.su/
http://googletime.bit/
Targets
Target: 21b6917dbd6c7792706156ff1dc72884e12f7e1d9d1b7cb24a0ff8f70d8d0e60
Score: 10/10
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext