General
- Target: b7779eb7756debf18a7d37bb2a04cbac8420167ea8f746774835e73fa4458703
- Size: 399KB
- Sample: 230717-gxm8zsae52
- MD5: bf116d38feeab4b00d4b8703776ffdf3
- SHA1: 175a33faf58fa9d8af84da39527357363ee42de4
- SHA256: b7779eb7756debf18a7d37bb2a04cbac8420167ea8f746774835e73fa4458703
- SHA512: 24590155f0aa2b7276d3779940dc1d2656b7f180187b15c55e864a90ef667bff8d12af74bd5823207857f09066fcd093c5994f31359d8625c5feb47c7204a955
- SSDEEP: 6144:fPXoDQpcUz+TfBDma1bjx2aQRWHBMaMD4V4JQpW9Dhnn9tDbrqDC/Y2AFz/VsLaH:DWDfh2WHaD4eQp2lnvf4CQAL
Static task: static1
Behavioral task: behavioral1
- Sample: b7779eb7756debf18a7d37bb2a04cbac8420167ea8f746774835e73fa4458703.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: smokeloader
- Version: 2022
- C2: http://cletonmy.com/
- C2: http://alpatrik.com/
Targets
- Target: b7779eb7756debf18a7d37bb2a04cbac8420167ea8f746774835e73fa4458703
  (size and MD5/SHA1/SHA256/SHA512/SSDEEP values are identical to the General section above)
Score: 10/10
- Checks QEMU agent file
  Checks for the presence of the QEMU guest agent, possibly to detect virtualization.
- Loads dropped DLL
  Loads a DLL that the sample itself wrote to disk earlier in the run.
- Suspicious use of NtCreateThreadExHideFromDebugger
  Creates a thread with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so an attached debugger receives no debug events from that thread (anti-debugging).
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which has the same debugger-hiding effect on an existing thread (anti-debugging).
- Suspicious use of SetThreadContext
  Rewrites another thread's register context; commonly used in process hollowing and other code-injection techniques to redirect execution.
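To make the behaviour flags above reproducible outside the sandbox, the following added example (not Triage's own signature code and not taken from the report) re-derives each of them from an API-call trace. The trace line format, the argument names, the file markers used to recognise the QEMU guest agent and the constructed sample trace are all assumptions; the two Windows constants (ThreadHideFromDebugger = 0x11, THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4) are documented values.

```python
import re
from collections import defaultdict

# Assumed markers for the QEMU guest agent install (qemu-ga.exe / the qga service).
QEMU_AGENT_MARKERS = ("qemu-ga", "qga")

# Documented Windows constants behind the two HideFromDebugger signatures.
THREAD_HIDE_FROM_DEBUGGER = 0x11               # THREADINFOCLASS ThreadHideFromDebugger
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4   # NtCreateThreadEx CreateFlags bit

# Hypothetical trace format: "<pid> <api> key=value ..."; quoted values may contain spaces.
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")
ARG_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample trace modelled on the signatures listed in the report.
SAMPLE_TRACE = r'''
1234 NtCreateFile path="C:\Program Files\qemu-ga\qemu-ga.exe" access=read
1234 NtSetInformationThread handle=0x1a4 class=0x11
1234 NtCreateThreadEx flags=0x4 start=0x401000
1234 NtWriteFile path="C:\Users\victim\AppData\Local\Temp\nsd1F2.dll"
1234 LoadLibraryW path="C:\Users\victim\AppData\Local\Temp\nsd1F2.dll"
1234 NtSetContextThread handle=0x1b0
5678 NtCreateFile path="C:\Windows\System32\kernel32.dll" access=read
5678 LoadLibraryW path="C:\Windows\System32\kernel32.dll"
5678 LoadLibraryW path="C:\Users\victim\AppData\Local\Temp\other.dll"
'''


def parse_line(line):
    """Return (pid, api, {arg: value}) for one trace line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    args = {key: quoted or bare for key, quoted, bare in ARG_RE.findall(m["args"])}
    return int(m["pid"]), m["api"], args


def analyze(trace):
    """Map pid -> sorted list of behaviour flags, in the wording the report uses."""
    findings = defaultdict(set)
    written = defaultdict(set)  # pid -> lower-cased paths that process wrote itself
    for line in trace.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        pid, api, args = parsed
        path = args.get("path", "").lower()
        if api in ("NtCreateFile", "NtOpenFile", "NtQueryAttributesFile") and any(
            marker in path for marker in QEMU_AGENT_MARKERS
        ):
            findings[pid].add("Checks QEMU agent file")
        elif api == "NtSetInformationThread" and int(args.get("class", "0"), 0) == THREAD_HIDE_FROM_DEBUGGER:
            findings[pid].add("Suspicious use of NtSetInformationThreadHideFromDebugger")
        elif api == "NtCreateThreadEx" and int(args.get("flags", "0"), 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            findings[pid].add("Suspicious use of NtCreateThreadExHideFromDebugger")
        elif api in ("SetThreadContext", "NtSetContextThread"):
            findings[pid].add("Suspicious use of SetThreadContext")
        elif api == "NtWriteFile" and path:
            written[pid].add(path)
        elif api in ("LoadLibraryA", "LoadLibraryW", "LdrLoadDll") and path in written[pid]:
            # "Dropped" means the same process wrote the file before loading it;
            # a DLL merely sitting in Temp (pid 5678 above) is not flagged.
            findings[pid].add("Loads dropped DLL")
    return {pid: sorted(flags) for pid, flags in findings.items()}


if __name__ == "__main__":
    for pid, flags in analyze(SAMPLE_TRACE).items():
        print(pid, *flags, sep="\n  ")
```

Running the file prints the five flags for pid 1234 and nothing for pid 5678. Note that the flag-0x4 and class-0x11 checks are exact, so a loader that hides threads by another route (for example a debugger-detaching trick that never touches these calls) would not be caught; the check is a faithful reimplementation of these particular signatures, not a general anti-debugging detector.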