General
-
Target
32307017.xls
-
Size
1.4MB
-
Sample
230717-glv5fsad95
-
MD5
ab03f70b31107892e798091706ca4f4f
-
SHA1
6975a37ca9a7e5ed68111457e0633992bac30a53
-
SHA256
27bd31839d54056c7868df571290b527d4940f209b66b3bb0a2cfb31f454c7d2
-
SHA512
e2b9d7e74fc7c58ea6e59f67f8e4589c7201705bf04a5ea53a0fc60afba7b8e205b1cd4048205f5e65e7f822558b1c56c5cef6cd43ea77c80c850e1f8d644656
-
SSDEEP
24576:wgu9VNZylw6V9OZyOw6VleHBlEzp7uNR0bgcwyA52CcP5YwVux:wguPR6V9YO6V8hOzNgjyPP5Yz
Static task
static1
Behavioral task
behavioral1
Sample
32307017.xls
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
32307017.xls
Resource
win10v2004-20230703-en
Malware Config
Extracted
smokeloader
2022
http://cletonmy.com/
http://alpatrik.com/
Targets
-
-
Target
32307017.xls
-
Size
1.4MB
-
MD5
ab03f70b31107892e798091706ca4f4f
-
SHA1
6975a37ca9a7e5ed68111457e0633992bac30a53
-
SHA256
27bd31839d54056c7868df571290b527d4940f209b66b3bb0a2cfb31f454c7d2
-
SHA512
e2b9d7e74fc7c58ea6e59f67f8e4589c7201705bf04a5ea53a0fc60afba7b8e205b1cd4048205f5e65e7f822558b1c56c5cef6cd43ea77c80c850e1f8d644656
-
SSDEEP
24576:wgu9VNZylw6V9OZyOw6VleHBlEzp7uNR0bgcwyA52CcP5YwVux:wguPR6V9YO6V8hOzNgjyPP5Yz
Score10/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-