General
- Target: 889ceb40b0ce50e9364d722c0e92f3cdf6e93aa2d4b16e5e7bbd445df541b065
- Size: 228KB
- Sample: 221221-lex3pafa9y
- MD5: 5cf89ba33d6c85ba6acd9cf7db505129
- SHA1: a69559e30dbf0f651007bffc85bbb281a8d08082
- SHA256: 889ceb40b0ce50e9364d722c0e92f3cdf6e93aa2d4b16e5e7bbd445df541b065
- SHA512: 122bb7892c2d841884b65a9b99f42604ada969c1c3e80eb6118d650e3c15bd7f80f0fff08dfb08359e7dd98c606d831fedd14f2998df706291b3fb7ed2ec6a15
- SSDEEP: 6144:LK+LdU/YZilCSl9cSEyBTQAeKrw1Wzz/:LK+xgPlCSl37BEAe5Mz
Static task: static1

Malware Config
Targets
- Target: 889ceb40b0ce50e9364d722c0e92f3cdf6e93aa2d4b16e5e7bbd445df541b065
  - Size: 228KB
  - MD5: 5cf89ba33d6c85ba6acd9cf7db505129
  - SHA1: a69559e30dbf0f651007bffc85bbb281a8d08082
  - SHA256: 889ceb40b0ce50e9364d722c0e92f3cdf6e93aa2d4b16e5e7bbd445df541b065
  - SHA512: 122bb7892c2d841884b65a9b99f42604ada969c1c3e80eb6118d650e3c15bd7f80f0fff08dfb08359e7dd98c606d831fedd14f2998df706291b3fb7ed2ec6a15
  - SSDEEP: 6144:LK+LdU/YZilCSl9cSEyBTQAeKrw1Wzz/:LK+xgPlCSl37BEAe5Mz
- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext