General
Target: 35fc3628ea0d1df64b7ae0ad426047c7af8d283b9b5b5b08dce6db3508a5c579
Size: 560KB
Sample: 220626-2c2abschap
MD5: 6c24e1fd35f2b2430e650ecea3c01f03
SHA1: d8585788cc0fb1c70e98287e2123d529ebbc35a3
SHA256: 35fc3628ea0d1df64b7ae0ad426047c7af8d283b9b5b5b08dce6db3508a5c579
SHA512: 6b25dda738348d85f6152fc3797c35e6a03f8b95306a1b4a0920bc18cd8e10dc3afeee22a00808886efbff19308b89648f9ab600f9feaeccbf8a06db5f5a071d
Static task: static1
Behavioral task: behavioral1
Sample: 35fc3628ea0d1df64b7ae0ad426047c7af8d283b9b5b5b08dce6db3508a5c579.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 35fc3628ea0d1df64b7ae0ad426047c7af8d283b9b5b5b08dce6db3508a5c579.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: smokeloader (2018)
- https://wintoshop.ug/
- https://shoptowin.ru/
- https://shopandpop.su/
- https://shoptofree.ru/
- http://googletime.bit/
Targets
Score: 10/10
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext