General
Target: file.exe
Size: 218KB
Sample: 221220-qphszahe89
MD5: 16b1904a41d5a106d93914dd3e6e71be
SHA1: 4f2a08f73cfe51f363760578588b19765eb36ec8
SHA256: 5234114873c908014335c999b048382d2f1e68ef3cf98ff14e30e04a269126f7
SHA512: 3a75d7d713b6382cc4720003bb8cfc7e2814ad9478ef7d6ded0f5b3bdfc59d6e5a7fda10fab7cd9a2231f57683e199fe7954e0e4ec19fc54c6ff8b42a2928e9a
SSDEEP: 3072:+NCxFYH1LI/4GHR7uvUZi6eVwCll7c58u7b/fOp2NHCDml:+02VLk40AUQcsc58mHkECa
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Malware Config
Extracted
systembc
109.205.214.18:443
Targets
Target: file.exe
Detects Smokeloader packer
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext