General
-
Target
3d453a7b5957aebacd9c6bf4c05d8908.exe
-
Size
295KB
-
Sample
230328-wgaehscd29
-
MD5
3d453a7b5957aebacd9c6bf4c05d8908
-
SHA1
3143bf00c4177cf9fe8ee42068be61322349bf47
-
SHA256
9a03353f33056e104624269ac6c93c2f10e46a6e5bfb62ad4540efefd2fb13a2
-
SHA512
e3915826b1ddeaaaebe05ab6e956a0b12c4368d3e8d32c873cd132710c484b4ce890aad9d8088f87a5f633a2670af87437b60cd727424110b85966dd2e1a0233
-
SSDEEP
3072:ab8g0lq8/wkbXNeUv1uO9WonD0PLJl6zZ6+MwOGxTDkaslmc2toiDTNg:csqSpXNP1uhlwFMwV1DkwtDDTO
Static task
static1
Behavioral task
behavioral1
Sample
3d453a7b5957aebacd9c6bf4c05d8908.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
3d453a7b5957aebacd9c6bf4c05d8908.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
smokeloader
pub4
Extracted
smokeloader
2022
http://aapu.at/tmp/
http://poudineh.com/tmp/
http://firsttrusteedrx.ru/tmp/
http://kingpirate.ru/tmp/
Targets
-
-
Target
3d453a7b5957aebacd9c6bf4c05d8908.exe
-
Size
295KB
-
MD5
3d453a7b5957aebacd9c6bf4c05d8908
-
SHA1
3143bf00c4177cf9fe8ee42068be61322349bf47
-
SHA256
9a03353f33056e104624269ac6c93c2f10e46a6e5bfb62ad4540efefd2fb13a2
-
SHA512
e3915826b1ddeaaaebe05ab6e956a0b12c4368d3e8d32c873cd132710c484b4ce890aad9d8088f87a5f633a2670af87437b60cd727424110b85966dd2e1a0233
-
SSDEEP
3072:ab8g0lq8/wkbXNeUv1uO9WonD0PLJl6zZ6+MwOGxTDkaslmc2toiDTNg:csqSpXNP1uhlwFMwV1DkwtDDTO
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Sets DLL path for service in the registry
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-