General
- Target: 6908e5f4f40f67ecf2c8f0bb29bae77f.bin
- Size: 164KB
- Sample: 230328-b3jj4aab6z
- MD5: 7b067592af29476f94ee7cdbf8cb1bac
- SHA1: dba53575100c7df9c1d244aaad7c08a1d127cbba
- SHA256: 1e9986c68209736fbca78fdcb99f318f4ef8522382c12dd75d5303bca5ea662a
- SHA512: a8c8750655d1dade5c2175c0338c1de8c796ee5482b26ce90bc38ea5063df647ba4afb41db471f646e01220d27c9a96d6a2c3b4c5fa2256935c9eed23a8bbdac
- SSDEEP: 3072:mVT187rWQ1hDSFU0xC0+cEdxNjvU2XyOVhpiEEe9c6NyHUw6fIRBoGq2WJ9rE:mAOghDEt+cEd3PlpN5w6fIRmB2WJ9rE
Static task: static1
Behavioral task: behavioral1
- Sample: 9e50c6be3c3bfba4776826dc13d61f3073cfa18c66f2a37f5decda472a224175.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 9e50c6be3c3bfba4776826dc13d61f3073cfa18c66f2a37f5decda472a224175.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: smokeloader
- pub4
Extracted: smokeloader
- 2022
- http://aapu.at/tmp/
- http://poudineh.com/tmp/
- http://firsttrusteedrx.ru/tmp/
- http://kingpirate.ru/tmp/
Targets
- Target: 9e50c6be3c3bfba4776826dc13d61f3073cfa18c66f2a37f5decda472a224175.exe
- Size: 275KB
- MD5: 6908e5f4f40f67ecf2c8f0bb29bae77f
- SHA1: 9a971279d9c5f866505a4dcaa53ae4d057514f49
- SHA256: 9e50c6be3c3bfba4776826dc13d61f3073cfa18c66f2a37f5decda472a224175
- SHA512: e1f7b789e5d7050f2155a06d614056823aff41f2a3059f530483c49e89c8f05fee590c9639d1d812346bc02e902e715d29414a84b253c3cc010a0b7dae5f3004
- SSDEEP: 3072:43oXRWdU0zuaKItqHDui72bZsSQR1ohgTTi2GKAoFadoBuT/hdkpNN4TJY:f4rK0qHBSA1PT7vw/hdCNN4T
Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets DLL path for service in the registry
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext