General
- Target: c03d3f3fac3615256c7c0805743819a2.exe
- Size: 391KB
- Sample: 230718-hcx35ahe2w
- MD5: c03d3f3fac3615256c7c0805743819a2
- SHA1: edb2096b1065550825ace73f5450b2594de35d2b
- SHA256: 7c9d8f3b2f5bb94e50c4d1aa0e4136851e5671d211584abce1a6879933e916e8
- SHA512: 93428f35d6b51a5d6aa3a69a278e7f4be02bf28f7da11e1530e12ab105e04000cedcdc6de3808b8c6e54da64925bd99d385f91734998a1ef99c09527192866b0
- SSDEEP: 6144:CPXoDQpcUz+TfBDma1bMPeakaPMbXtuYv1m6EIzF8FihlIn8HdmD:aWDfhhBXtzv0fA8FiLIIdmD
Static task: static1
Behavioral task: behavioral1
- Sample: c03d3f3fac3615256c7c0805743819a2.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: c03d3f3fac3615256c7c0805743819a2.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: smokeloader
- Version: 2022
- C2: http://cletonmy.com/
- C2: http://alpatrik.com/
Targets
- Target: c03d3f3fac3615256c7c0805743819a2.exe
Score: 10/10
Signatures:
- Checks QEMU agent file: Checks presence of QEMU agent, possibly to detect virtualization.
- Deletes itself
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext