General
-
Target
34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993
-
Size
612KB
-
Sample
220619-z24qmscfdm
-
MD5
abd55d904c86ffdae6983031082e2666
-
SHA1
1a44a69c29ffa636533c012abefe80e1f5641627
-
SHA256
34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993
-
SHA512
c39a477db2983158ff43db453e5343c66091270c99af53fc6d3e2a206a0eda641641fab9615a76559432d49c5c4d523a03b6c7a661936304ca77048bd3218137
Static task
static1
Behavioral task
behavioral1
Sample
34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
https://popandshop.ru/
https://shopandpop.ru/
https://shoptowin.ru/
https://shopandpop.su/
http://googletime.bit/
Targets
-
-
Target
34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993
-
Size
612KB
-
MD5
abd55d904c86ffdae6983031082e2666
-
SHA1
1a44a69c29ffa636533c012abefe80e1f5641627
-
SHA256
34793b90dd01c6a5421df7fe61de7fcec17b37cea8bea4c77b4746c33339d993
-
SHA512
c39a477db2983158ff43db453e5343c66091270c99af53fc6d3e2a206a0eda641641fab9615a76559432d49c5c4d523a03b6c7a661936304ca77048bd3218137
Score10/10-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-