General
-
Target
file.exe
-
Size
219KB
-
Sample
221221-km58lafa5v
-
MD5
af89a5eddc4439ca0935391a6632b04d
-
SHA1
949f47250dab6df77ac228ef7611b5552b97f64f
-
SHA256
f380226c6bc0023ecad559e1e7fca052c21d26630130fa598c04f495737bc60e
-
SHA512
052473a2505fec50c3ec33fdbc628833039a3f9d211d177017fb88c0f9c76c1158eda8877fc97c64017f46f01aa8acbf9bf7850463fb8a8107d6e2cad95389ec
-
SSDEEP
3072:H16AdgLSdU15hsk/rEEAomp5bpS7njMTROL1TW8zkqWzgKr/so:wASLwb0mPbejlBTWEkqWzz/
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
219KB
-
MD5
af89a5eddc4439ca0935391a6632b04d
-
SHA1
949f47250dab6df77ac228ef7611b5552b97f64f
-
SHA256
f380226c6bc0023ecad559e1e7fca052c21d26630130fa598c04f495737bc60e
-
SHA512
052473a2505fec50c3ec33fdbc628833039a3f9d211d177017fb88c0f9c76c1158eda8877fc97c64017f46f01aa8acbf9bf7850463fb8a8107d6e2cad95389ec
-
SSDEEP
3072:H16AdgLSdU15hsk/rEEAomp5bpS7njMTROL1TW8zkqWzgKr/so:wASLwb0mPbejlBTWEkqWzz/
-
Detects Smokeloader packer
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-