General
- Target: 0d7e629a980cd23f3d034cfe66a60c1017c04adfb3a86f8cb8075024121dc5c1
- Size: 251KB
- Sample: 230323-h535vagb7v
- MD5: 70f438dd905dc77cc7a08407b3524de1
- SHA1: fd48a725a4889eecd0c97d49ff1953ba3008cfe7
- SHA256: 0d7e629a980cd23f3d034cfe66a60c1017c04adfb3a86f8cb8075024121dc5c1
- SHA512: 366ce2affc0a4f9db095a06ebb5de82d637d2cd38b95f6375e3ef616b78a7173b2356e3b9750a5e73fedde83a356fab07855f07e1ff60363e6936ee7ac38d3c2
- SSDEEP: 3072:IFd1azEWSjRf7cYKLvrGPw8USZOQvFhLtR3+SN5hhftE:AMKgYKLvSLZNvFBtZhh
Static task: static1
Malware Config
- Extracted
  smokeloader
  sprg
- Extracted
  smokeloader
  2022
  http://hoh0aeghwugh2gie.com/
  http://hie7doodohpae4na.com/
  http://aek0aicifaloh1yo.com/
  http://yic0oosaeiy7ahng.com/
  http://wa5zu7sekai8xeih.com/
Targets
- Target: 0d7e629a980cd23f3d034cfe66a60c1017c04adfb3a86f8cb8075024121dc5c1
- Size: 251KB
- MD5: 70f438dd905dc77cc7a08407b3524de1
- SHA1: fd48a725a4889eecd0c97d49ff1953ba3008cfe7
- SHA256: 0d7e629a980cd23f3d034cfe66a60c1017c04adfb3a86f8cb8075024121dc5c1
- SHA512: 366ce2affc0a4f9db095a06ebb5de82d637d2cd38b95f6375e3ef616b78a7173b2356e3b9750a5e73fedde83a356fab07855f07e1ff60363e6936ee7ac38d3c2
- SSDEEP: 3072:IFd1azEWSjRf7cYKLvrGPw8USZOQvFhLtR3+SN5hhftE:AMKgYKLvSLZNvFBtZhh
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.