General
- Target: 3abec81748ab84050896f41e184385a5543ac672634eccb71ac897d482439ace
- Size: 99KB
- Sample: 220703-xmfn6acghj
- MD5: fa5010725d9bcd047a218c4112edcf6f
- SHA1: ce32cb8ef79becb3119150a7d2783459a6da52c6
- SHA256: 3abec81748ab84050896f41e184385a5543ac672634eccb71ac897d482439ace
- SHA512: 3de63025c99b91b94f8e27855171a6748a952ae0275970c695262bcc21dfbd05d06b3d2a91c2dd922cb899af82f7ca7c8f6a6ae7ee93a024684bd7e08b885261
Static task: static1
Behavioral task: behavioral1
- Sample: 3abec81748ab84050896f41e184385a5543ac672634eccb71ac897d482439ace.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 3abec81748ab84050896f41e184385a5543ac672634eccb71ac897d482439ace.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2017
http://derevo.bit/1/
http://ds12.ng/1/
Targets
- Target: 3abec81748ab84050896f41e184385a5543ac672634eccb71ac897d482439ace
- Size: 99KB
- MD5: fa5010725d9bcd047a218c4112edcf6f
- SHA1: ce32cb8ef79becb3119150a7d2783459a6da52c6
- SHA256: 3abec81748ab84050896f41e184385a5543ac672634eccb71ac897d482439ace
- SHA512: 3de63025c99b91b94f8e27855171a6748a952ae0275970c695262bcc21dfbd05d06b3d2a91c2dd922cb899af82f7ca7c8f6a6ae7ee93a024684bd7e08b885261
Score: 10/10
- suricata: ET MALWARE Sharik/Smoke Loader Java Connectivity Check
- suricata: ET MALWARE Sharik/Smoke Loader Microsoft Connectivity Check
- Adds policy Run key to start application
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext