General
Target: ff3a2f36acd2e6ac2ff9d8fbca3689da2260b52fb46acc2b116a74f996a7038f
Size: 166KB
Sample: 220701-hw58vaagc7
MD5: ae41e8e98cd8ba4856f463ffc4ee1d50
SHA1: 61c9952e0596efd1a49461c9f9dc761618e37ec4
SHA256: ff3a2f36acd2e6ac2ff9d8fbca3689da2260b52fb46acc2b116a74f996a7038f
SHA512: d38715d96b11d8cedad0a44fdecf981b251922be9ecc420d332153c1afc0eec4ca566de6f6ba04c21fc67006e56bc76950e7fd9321c0a648201fe51a92ce7789
Static task: static1
Behavioral task: behavioral1
Sample: ff3a2f36acd2e6ac2ff9d8fbca3689da2260b52fb46acc2b116a74f996a7038f.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: ff3a2f36acd2e6ac2ff9d8fbca3689da2260b52fb46acc2b116a74f996a7038f.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
http://extraterrestrial.is/
http://extraterrestrial5.ru/
Targets
Target: ff3a2f36acd2e6ac2ff9d8fbca3689da2260b52fb46acc2b116a74f996a7038f
Score: 10/10
Loads dropped DLL
Maps connected drives based on registry. Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext