General
Target: 4d95c7b22d409fcd1ddfc676fd70a08040bf0eaf3463c8b81383845f0da7dcb6
Size: 194KB
Sample: 220712-cyzwysfcaj
MD5: f4cc45720860bc49e664d7b1b94e09ac
SHA1: 4a653d104aeb601dd501ca7a6eb5be8c9caccb2b
SHA256: 4d95c7b22d409fcd1ddfc676fd70a08040bf0eaf3463c8b81383845f0da7dcb6
SHA512: b787db6f5cad3deef45140df7e88c80e0b835c3e31dd85e4f5882e39307e3cd19b3262d91a018df3d2f85362ed92e09371b100770813d462829e6a23227925cc
Static task: static1
Behavioral task: behavioral1
  Sample: 4d95c7b22d409fcd1ddfc676fd70a08040bf0eaf3463c8b81383845f0da7dcb6.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 4d95c7b22d409fcd1ddfc676fd70a08040bf0eaf3463c8b81383845f0da7dcb6.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: smokeloader
Version: 2018
C2:
- http://mailcdn-office365.io/
- http://update-vmware-service.com/
- http://rocket365.to/
Targets
Target: 4d95c7b22d409fcd1ddfc676fd70a08040bf0eaf3463c8b81383845f0da7dcb6
Score: 10/10
- Loads dropped DLL
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext