General
Target: file.exe
Size: 211KB
Sample: 221103-zcz16aehc3
MD5: a9442b076e2b0aa0022616c7cbc20d0b
SHA1: dfb7193fa38ba75574a72c4a8992207ea2af9299
SHA256: a580a0d34202ae292f90ce0522cbfcc48fcc6dc274e94c6f7843950eb213499d
SHA512: 9c69ad04fffdf2003d1f92551a3c1eb238667260786e12b642b81de319c2277688eb32778e98e677aa4e0c5d3d652ba0aca6dabbeb870ed110ce5210daa0bcf2
SSDEEP: 3072:G3k/Y5vDBhOfWLr3vRjm6PVJ5uZcWYR5kyVBURk+CqjLCCzwzKHjD/fRMMCsx:G3aAVhOeLrfxm0UKTVBUO+cCzhfRMMF
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en

Malware Config
Extracted: systembc
89.248.165.79:443
Targets
Target: file.exe
Size: 211KB
MD5: a9442b076e2b0aa0022616c7cbc20d0b
SHA1: dfb7193fa38ba75574a72c4a8992207ea2af9299
SHA256: a580a0d34202ae292f90ce0522cbfcc48fcc6dc274e94c6f7843950eb213499d
SHA512: 9c69ad04fffdf2003d1f92551a3c1eb238667260786e12b642b81de319c2277688eb32778e98e677aa4e0c5d3d652ba0aca6dabbeb870ed110ce5210daa0bcf2
SSDEEP: 3072:G3k/Y5vDBhOfWLr3vRjm6PVJ5uZcWYR5kyVBURk+CqjLCCzwzKHjD/fRMMCsx:G3aAVhOeLrfxm0UKTVBUO+cCzhfRMMF

- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext