General
Target: f36d5900e6a646e6c35c4961736742f6583b3437ac7c8adc81f388ab38ea7d82
Size: 42KB
Sample: 220707-wsjsbsgca6
MD5: 31e8b83c5de470dabb7d1e7c0e980ccc
SHA1: 4c231411776059620fc4ee5f703296451ed5797d
SHA256: f36d5900e6a646e6c35c4961736742f6583b3437ac7c8adc81f388ab38ea7d82
SHA512: 65461eb6e9fc544de135a30f019de5f9bd80d5f8b693850d469b1c928ed00dd9be444b42fecc9e07d4ddd4b0bd4ddd32f01eb6c38c7386f040e0c916c4597c23
Static task: static1
Behavioral task: behavioral1
Sample: f36d5900e6a646e6c35c4961736742f6583b3437ac7c8adc81f388ab38ea7d82.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: f36d5900e6a646e6c35c4961736742f6583b3437ac7c8adc81f388ab38ea7d82.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
Targets
Target
f36d5900e6a646e6c35c4961736742f6583b3437ac7c8adc81f388ab38ea7d82
Score: 10/10
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.