General
- Target: cb029abb2b41e175e1d5f9e9d37247e50569005c18158f133e1917a5fe1f5383
- Size: 29KB
- Sample: 221220-qv4bvscg71
- MD5: cb4573fa9acae5c637fced7e7cb8192c
- SHA1: d2145f53a192e768b8bfbf9b633941790424ff7f
- SHA256: cb029abb2b41e175e1d5f9e9d37247e50569005c18158f133e1917a5fe1f5383
- SHA512: 450a7dd225a0534c78073fc4fd519af2a82fc86f78ce1e9ce92a990cc1132f26546182ec6e26880cfa75ff405bf0a682b1f0ed9cdfc3a9579b598294f89cc3cc
- SSDEEP: 768:0BCzbIqVpKx3Vy2C0Jjfp/zX+Y9Kw5LG3OILRSwEqqmhAZPg5W:0+Iqqx3VyExprXl9Kw5LGBcPma0W
Behavioral task: behavioral1
- Sample: cb029abb2b41e175e1d5f9e9d37247e50569005c18158f133e1917a5fe1f5383.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: cb029abb2b41e175e1d5f9e9d37247e50569005c18158f133e1917a5fe1f5383.exe
- Resource: win10v2004-20221111-en
Malware Config
- Extracted: systembc
- 109.205.214.18:443
Targets
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
- Sets service image path in registry
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext