General
-
Target
46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17
-
Size
356KB
-
Sample
220707-jwrwwsaah3
-
MD5
10dd5160a2f6a3478d45db45ed5ba689
-
SHA1
e5f76fcf92d3819006213bc9c9c069f1f4f18ff8
-
SHA256
46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17
-
SHA512
46aaba0eb1c11eeb6611ae61f3d10492b0f39c6536511848532715d5128f2726f135dfb4b0b9941b7e7f2fb540f2784935f3fc4e891d7b8bb9d6ce400dc57b4d
Static task
static1
Behavioral task
behavioral1
Sample
46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
http://klub11n.se/zb/
Targets
-
-
Target
46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17
-
Size
356KB
-
MD5
10dd5160a2f6a3478d45db45ed5ba689
-
SHA1
e5f76fcf92d3819006213bc9c9c069f1f4f18ff8
-
SHA256
46aec41c3bc850cf147e9d2e4fad4a1b60b22c0e8d238bd67e68bc1784a42a17
-
SHA512
46aaba0eb1c11eeb6611ae61f3d10492b0f39c6536511848532715d5128f2726f135dfb4b0b9941b7e7f2fb540f2784935f3fc4e891d7b8bb9d6ce400dc57b4d
Score10/10-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-