General
Target: 42aec72d4816c9727dd1791dfd4d0ec3e0bf80781f5754a7d176cf2538b19747
Size: 148KB
Sample: 220708-b57dyacbhj
MD5: 30f46729dd54c7aa3a5bf16ea9ab0942
SHA1: 8ce86943b96bb791cb15c4ee0cf96f7803119a0b
SHA256: 42aec72d4816c9727dd1791dfd4d0ec3e0bf80781f5754a7d176cf2538b19747
SHA512: 46a91c349af82daf573b58c3ff4d9c43f8f9a158ecbf76e080dcbcf7b3466d9004d037e40629b34423f1ab34da0162026d6c7f0fdd5c4cbc4cf7384efe8e38ef
Static task: static1
Behavioral task: behavioral1
Sample: 42aec72d4816c9727dd1791dfd4d0ec3e0bf80781f5754a7d176cf2538b19747.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 42aec72d4816c9727dd1791dfd4d0ec3e0bf80781f5754a7d176cf2538b19747.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
http://lorriesconcomitant.icu/
http://hissscomplacence.icu/
http://taneymci.icu/
Targets
Target: 42aec72d4816c9727dd1791dfd4d0ec3e0bf80781f5754a7d176cf2538b19747
Score: 10/10
Loads dropped DLL
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext