General
-
Target
4bb1e4c3bbca1ba45bfe8d7fd4a34952c25d75d1a42e9ec57f4d36d80b9d7a09
-
Size
356KB
-
Sample
220712-k2c6cseag9
-
MD5
665e68c79d8741c8526dec8a933c12eb
-
SHA1
16e8250ac2e0f92810432054bec81aecd1df6d8e
-
SHA256
4bb1e4c3bbca1ba45bfe8d7fd4a34952c25d75d1a42e9ec57f4d36d80b9d7a09
-
SHA512
395cfc1295fbfb01a7a2b883a84849a1035b843adcc00d4638a08ac6604f3947dcd993ac11f5c258f60a86977083a8901ac584c41bfee82ec72c0daae5c9de43
Static task
static1
Behavioral task
behavioral1
Sample
4bb1e4c3bbca1ba45bfe8d7fd4a34952c25d75d1a42e9ec57f4d36d80b9d7a09.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4bb1e4c3bbca1ba45bfe8d7fd4a34952c25d75d1a42e9ec57f4d36d80b9d7a09.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2018
http://klub11n.se/kp/
Targets
-
-
Target
4bb1e4c3bbca1ba45bfe8d7fd4a34952c25d75d1a42e9ec57f4d36d80b9d7a09
Score
10/10
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-