General
- Target: 652685c8ba9a7aa68011ae58ef4ba00c.bin
- Size: 164KB
- Sample: 230328-by1yksgc72
- MD5: 3ab1c9cd8aa613d7dbd5e0f67aaadfb3
- SHA1: ee56b389ad0cd270d29fd684355f8a898c3bb60c
- SHA256: 85660f53b413aec419d226daa868ec603bc048db1b11c8524f22d7eac6dd16dc
- SHA512: f5517d40ce66cf13bff910ba483e70810158a73aa383b83636cb12fbf7df4d38a7592810ccf77797bb97e3cfe5fbc7230809ae075f91c493dfa2f45104960372
- SSDEEP: 3072:ftroxkKD54J1tR0MV63+k0IddMUam2K3t/XwaN5CQB0HF4scE9SvMjG:ft8T5e0HJdMNmt/XxzCZivMjG
Static task: static1
Behavioral task: behavioral1
  Sample: 38787f7e57bc6977e4c2ba92d208d29777dabafd4558a13070dd422449aa1c48.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 38787f7e57bc6977e4c2ba92d208d29777dabafd4558a13070dd422449aa1c48.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: smokeloader (pub4)
Extracted: smokeloader (2022)
  http://aapu.at/tmp/
  http://poudineh.com/tmp/
  http://firsttrusteedrx.ru/tmp/
  http://kingpirate.ru/tmp/
Targets
- Target: 38787f7e57bc6977e4c2ba92d208d29777dabafd4558a13070dd422449aa1c48.exe
- Size: 274KB
- MD5: 652685c8ba9a7aa68011ae58ef4ba00c
- SHA1: 6dcfbd4f8cea0f732038bb36d12e42875d974a65
- SHA256: 38787f7e57bc6977e4c2ba92d208d29777dabafd4558a13070dd422449aa1c48
- SHA512: 35a357269fc185b2905dd589768f6284692c737bd0e912436f9aef05d105aa4fd8ea60adf97caff4a1834896603891027ac4d026567540911874895e593e1b4d
- SSDEEP: 3072:e3zrCktY3urayKuR1ukF4bZjcQsjS+tFDg9zV8/Og3lSgwae/CpL//c5pNN4TJY:8AOahuRKl+txgBV4OgNJnpL/mNN4T
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets DLL path for service in the registry
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext