General
-
Target
file
-
Size
241KB
-
Sample
230606-qlm9aaed2t
-
MD5
dc076ed6da7792af479120129fad2716
-
SHA1
5950886a02ed459d9ffa92b98a1c4b0462e0de88
-
SHA256
a51b880c04fcc66cc1c561b3b490b04db675f2775bbf1dfc299572d2401e706d
-
SHA512
e58ff229a7649f58f75ed3fba90c72be7d1b378a9f8d2e184039dd9bbd7b04e925a556f410176b4711497caa7edbc7bff87d1e09870077cabf338def098e8a85
-
SSDEEP
3072:zfFQgZdMFWaC7RMgxSMGyfTuyyHM3IZcY+5wxv+mG+O3VKdFp7CnYTRqKV/c:zFQkMFxhgxSMGyyLUzSR+1+GXYM
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://toobussy.com/tmp/
http://wuc11.com/tmp/
http://ladogatur.ru/tmp/
http://kingpirate.ru/tmp/
Targets
-
-
Target
file
-
Size
241KB
-
MD5
dc076ed6da7792af479120129fad2716
-
SHA1
5950886a02ed459d9ffa92b98a1c4b0462e0de88
-
SHA256
a51b880c04fcc66cc1c561b3b490b04db675f2775bbf1dfc299572d2401e706d
-
SHA512
e58ff229a7649f58f75ed3fba90c72be7d1b378a9f8d2e184039dd9bbd7b04e925a556f410176b4711497caa7edbc7bff87d1e09870077cabf338def098e8a85
-
SSDEEP
3072:zfFQgZdMFWaC7RMgxSMGyfTuyyHM3IZcY+5wxv+mG+O3VKdFp7CnYTRqKV/c:zFQkMFxhgxSMGyyLUzSR+1+GXYM
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-