General
- Target: 39db8f99f438c93f7c1884efd0174499cae4ed0f972ee35bce41d0aa02a485e4
- Size: 2.4MB
- Sample: 220625-jqlspaebd4
- MD5: 3d7c637e0e04b7f9e10414c227a2f102
- SHA1: 08e66ae0af9b16775fe9b614e2ed864934b74b2b
- SHA256: 39db8f99f438c93f7c1884efd0174499cae4ed0f972ee35bce41d0aa02a485e4
- SHA512: 6e74ddf4e7e16e00bc8e60bf09ebbd9a0d29475c2cf20dafd8c7d5a82b1b3cb0083667a8b0de015f0eb88e8a46fced28856a315a7053a725b4dea9b528665373
Static task: static1
Behavioral task: behavioral1
Sample: 39db8f99f438c93f7c1884efd0174499cae4ed0f972ee35bce41d0aa02a485e4.exe
Resource: win7-20220414-en
Malware Config
Extracted
smokeloader
2018
http://converadm.bit/
Targets
- Target: 39db8f99f438c93f7c1884efd0174499cae4ed0f972ee35bce41d0aa02a485e4
- Size: 2.4MB
- MD5: 3d7c637e0e04b7f9e10414c227a2f102
- SHA1: 08e66ae0af9b16775fe9b614e2ed864934b74b2b
- SHA256: 39db8f99f438c93f7c1884efd0174499cae4ed0f972ee35bce41d0aa02a485e4
- SHA512: 6e74ddf4e7e16e00bc8e60bf09ebbd9a0d29475c2cf20dafd8c7d5a82b1b3cb0083667a8b0de015f0eb88e8a46fced28856a315a7053a725b4dea9b528665373
- XMRig Miner Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext