General
Target
32aa06cf7f396aa21de0100a7ab653384e745d3eb226f5a64caaf0c972ae5383
Size
162KB
Sample
220620-ghdq1agbak
MD5
510e5930ee713ea2a8e8a19922f57b61
SHA1
54d48f08feed6bdb2cb398f7d8e1acd52b95e741
SHA256
32aa06cf7f396aa21de0100a7ab653384e745d3eb226f5a64caaf0c972ae5383
SHA512
19f1e8cbf987b877c05af230d65abee8c723424a78e94bb1298e9531a044a93e1d847f7d989006d3cc6a8ff60fbfdcdfc0311166255171f89a6b2cbcf3d4d872
Static task
static1
Behavioral task
behavioral1
Sample
32aa06cf7f396aa21de0100a7ab653384e745d3eb226f5a64caaf0c972ae5383.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
32aa06cf7f396aa21de0100a7ab653384e745d3eb226f5a64caaf0c972ae5383.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
http://proxy-exe.bit/2/
http://kiyanka.club/2/
http://d3s1.me/2/
Targets
Target
32aa06cf7f396aa21de0100a7ab653384e745d3eb226f5a64caaf0c972ae5383
Score
10/10
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext