General
Target: tmp
Size: 277KB
Sample: 230712-dm3zxabf94
MD5: 9d341b792c8d1b0bafbbe84fcc1c818b
SHA1: adac991b02c3d81e3db35031d421f341a5cc48ac
SHA256: f1f34fb945e11816aa831608948a74516f936d8cbfb74b2c0fbd05837bd3d96f
SHA512: a0895ea92465204efca2399047c32b6894cc4cc8c1c5d44571677506bc70007b22b0804af5f552cc8d928df0568e6b1910382f3c23d3252ffa6258339b4cf036
SSDEEP: 6144:CR+xXj/CUco+DBNFQ/hrunNmfxh6hF8RWCqv7v//Hid59U0LmWgf1wtJVY9i8P:2c/CUZ+BWhKef6/8RWNv7vnQLZgSrUl
Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20230703-en
Behavioral task: behavioral2
  Sample: tmp.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: smokeloader
  2022
  http://cletonmy.com/
  http://alpatrik.com/
Targets
Target: tmp
Size: 277KB
Score: 10/10
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext