General
Target: b1d7ba149c8bd3946513f5bd15cfa1ac3c1aedf9d6b58e05a68485a9343f9073
Size: 142KB
Sample: 221219-gg7bxshc9w
MD5: 60ecdb3fdb7fa590a19cffe2b2104152
SHA1: da991ea59a4527b9fa888d560c379511b6e5b3a6
SHA256: 2e002e0503faf77c7e17d6355bd3c7e2fd0fbd155ee898b11524827417e35bdc
SHA512: 033b81d93e9dfac56d9c2aa78d2d87d0615d197deee86bdd49742606b42d5c02197e756f966fc76217fe62215459625f2832e9865bf23f011e9832121aa86098
SSDEEP: 3072:Lhoay6U/lWZ1R8R+FVU4rw8EjIJeccnOzPlUq9B1LuKuLO4W92:LCaVmwDNFyz8EjIJec3zuqZpuLvWY
Static task: static1
Behavioral task: behavioral1
Sample: b1d7ba149c8bd3946513f5bd15cfa1ac3c1aedf9d6b58e05a68485a9343f9073.exe
Resource: win7-20221111-en
Malware Config
Targets
Target: b1d7ba149c8bd3946513f5bd15cfa1ac3c1aedf9d6b58e05a68485a9343f9073
Size: 214KB
MD5: 68a7eecd08bda776b56e88838847855b
SHA1: 8181ea7ba0bc72583e9708ac51c55d2d11ea8579
SHA256: b1d7ba149c8bd3946513f5bd15cfa1ac3c1aedf9d6b58e05a68485a9343f9073
SHA512: b25b2a00e2fcbf6da4d30f6406357329a1e596319069ba7187ad061a4ce0e0d647a56def5a40f0f4e6f1edc464242a38d46e185c2348aea682ca899136afa9ae
SSDEEP: 3072:wfiX5QL8qNDhx5RsfeK6NyW85EdNRAtOba+BnBuRD4jcbImdzmuX:yiXiL86DhQeK6Edud0KBmsjcbXF
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext