General
- Target: ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90
- Size: 259KB
- Sample: 220701-esvfdsbefk
- MD5: e78a17b913abb7f5b276e993a4fbfa39
- SHA1: 9af3fa3a1d3db32ebdb0fef5d47ebc87c1d7d9a3
- SHA256: ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90
- SHA512: c938a1541dd102e13f87ce5344d013c73a2177c40a5268b042ba2780600feb0bc23ff9f71aacba7aaab093d9d17c3bbcf0ca53216b9f9cd374318435f00f9b87
Static task
- static1
Behavioral task
- behavioral1
  - Sample: ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90.exe
  - Resource: win10v2004-20220414-en
Malware Config
- Extracted: smokeloader
  - 2018
  - http://taj.co.ug/
Targets
- Target: ad5575b868f6e3ae0471dc7c846aaee2a4fb496c16740cb69ae63576047e4d90
- Score: 10/10
- Signatures:
  - Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
  - Suspicious use of SetThreadContext