General
Target: 4028a9f457a6f23b54c7982e13853c1e9a25c6691ac3537b662b6f1ecd3eb02f
Size: 288KB
Sample: 220708-zw6ytahagj
MD5: 0bc92a75fc68d187be62dc5922a3822f
SHA1: 58c17080b7e55bfe31d66ad848fd54a492569a64
SHA256: 4028a9f457a6f23b54c7982e13853c1e9a25c6691ac3537b662b6f1ecd3eb02f
SHA512: 11cc4b13652635a4e9c3cf0bc992d9118852276e8d0b6afc7acc346b4233f57e807b05e15f658554d6354613cdef6f2a18d04e4923036647cdf65ccd35f6b512
Static task: static1
Behavioral task: behavioral1
Sample: 4028a9f457a6f23b54c7982e13853c1e9a25c6691ac3537b662b6f1ecd3eb02f.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 4028a9f457a6f23b54c7982e13853c1e9a25c6691ac3537b662b6f1ecd3eb02f.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
http://js0c892.se/kw/
Targets
Target: 4028a9f457a6f23b54c7982e13853c1e9a25c6691ac3537b662b6f1ecd3eb02f
Score: 10/10
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
Suspicious use of SetThreadContext