General
Target: 4ba216371decc1e0a7f268f786b34d4d3aafbe5e9df44ccbd4f7efe29ec48e8b
Size: 162KB
Sample: 220712-k9pjcsbffq
MD5: ecd93bb6baab6cc33fc0356bc9a65a41
SHA1: c7fa01546a5407c5f652789d5960321799dc79c9
SHA256: 4ba216371decc1e0a7f268f786b34d4d3aafbe5e9df44ccbd4f7efe29ec48e8b
SHA512: 015e3b366b119428f6ba36f6aafdf563d49b4ddc283c1567c7ed737aeeb4d100f9d4bc786fbeab2def81bd177063f0b445d8dd58602d283296e633e34209d9b9
Static task: static1
Behavioral task: behavioral1
  Sample: 4ba216371decc1e0a7f268f786b34d4d3aafbe5e9df44ccbd4f7efe29ec48e8b.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 4ba216371decc1e0a7f268f786b34d4d3aafbe5e9df44ccbd4f7efe29ec48e8b.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted:
  smokeloader
  2018
  http://proxy-exe.bit/2/
  http://kiyanka.club/2/
  http://d3s1.me/2/
Targets
Target: 4ba216371decc1e0a7f268f786b34d4d3aafbe5e9df44ccbd4f7efe29ec48e8b
Size: 162KB
MD5: ecd93bb6baab6cc33fc0356bc9a65a41
SHA1: c7fa01546a5407c5f652789d5960321799dc79c9
SHA256: 4ba216371decc1e0a7f268f786b34d4d3aafbe5e9df44ccbd4f7efe29ec48e8b
SHA512: 015e3b366b119428f6ba36f6aafdf563d49b4ddc283c1567c7ed737aeeb4d100f9d4bc786fbeab2def81bd177063f0b445d8dd58602d283296e633e34209d9b9
Score: 10/10
Signatures:
  Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
  Suspicious use of SetThreadContext