General
- Target: 75c776cde19a4520608cc886704eb2623b274c6d7662079a292370d03a82c61e
- Size: 319KB
- Sample: 221210-jxfv1sfb39
- MD5: 7e41f5753ed8d35687df470f3409bad1
- SHA1: 43080c7f6bd0c2458342d6f92c58e9491f5b5d02
- SHA256: 75c776cde19a4520608cc886704eb2623b274c6d7662079a292370d03a82c61e
- SHA512: 8de8644976af6fc6a0c3e9515f1e9c9419390bb12583ea63b8945a502963637e02ff87e7f081323a5eb09fe24af138a70a325f0cc13e20353198eb3917d41185
- SSDEEP: 3072:wXuWAqqLvVZePF6CcL5mRR9pmePA0qabKZXwqTiKdwTeB9yyOYW6Al2IYInW:klA1LSPF6CcAfVPTKFdDwTO9iflXYCW
Static task: static1
Behavioral task: behavioral1
- Sample: 75c776cde19a4520608cc886704eb2623b274c6d7662079a292370d03a82c61e.exe
- Resource: win10v2004-20220901-en
Malware Config
Targets
- Babadeda Crypter
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext