General
-
Target
file.exe
-
Size
218KB
-
Sample
221220-mwnq1shc88
-
MD5
fc5b8196fdcab0454747420f33347e53
-
SHA1
e6c81c9d28dfefaec07c60485776ca8299dbb83c
-
SHA256
eb16954ee6ac8bfe1c53ee6a44d7738c302ae2ee6f3d50a34f9baaf4ff92d2c1
-
SHA512
feee13743922d97a685db172f93aa300fcb1e1a44c814d51c46461a65c4aae57dce0c6288e227ba99003200c37ab32e70c3f5aa79ef4898d97199f2bd26553ac
-
SSDEEP
3072:VloBonOLHf6CgHR6XqjhnBmK09E7Cin0Ah7b/6jpFBTnNHCDml:VaB4OL/1Z0Wi7CinV5oDCa
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Extracted
systembc
109.205.214.18:443
Targets
-
-
Target
file.exe
-
Size
218KB
-
MD5
fc5b8196fdcab0454747420f33347e53
-
SHA1
e6c81c9d28dfefaec07c60485776ca8299dbb83c
-
SHA256
eb16954ee6ac8bfe1c53ee6a44d7738c302ae2ee6f3d50a34f9baaf4ff92d2c1
-
SHA512
feee13743922d97a685db172f93aa300fcb1e1a44c814d51c46461a65c4aae57dce0c6288e227ba99003200c37ab32e70c3f5aa79ef4898d97199f2bd26553ac
-
SSDEEP
3072:VloBonOLHf6CgHR6XqjhnBmK09E7Cin0Ah7b/6jpFBTnNHCDml:VaB4OL/1Z0Wi7CinV5oDCa
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-