General
Target: 393a6fc616adbefad87e8946be9e4cce127749fde58b892e26c7c24b703efae1
Size: 138KB
Sample: 220625-n9h85aeaa4
MD5: 673817bbb2672a7c4cfc1118aae648c0
SHA1: 89ded1a96fb527828affcec59df70313ea45419e
SHA256: 393a6fc616adbefad87e8946be9e4cce127749fde58b892e26c7c24b703efae1
SHA512: 8fcd0fc02f32c6e308bf493f77f6b8f75d92b1ef97f9b41fefc814a8686638c32deed4adae795df82557a950ff5152c924037d1b63f6220843c280b1ac49ec9a
Static task: static1
Behavioral task: behavioral1
Sample: 393a6fc616adbefad87e8946be9e4cce127749fde58b892e26c7c24b703efae1.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 393a6fc616adbefad87e8946be9e4cce127749fde58b892e26c7c24b703efae1.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
http://nhocbo.bit/
http://nhocbo.ru/
Targets
Score: 10/10
Loads dropped DLL
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext