General
Target: 1a8b0853338c0e0eab5d13746038fae9.bin
Size: 150KB
Sample: 230915-beqcqsag95
MD5: 338f6626b692f7b34ce454d57a4d1e6d
SHA1: 8dc5b5773dbe32403110d0624e0f4552841997f1
SHA256: b383c265c95b2dfbf5b3194398ccdd462abae212792a6087f016f047230a9adf
SHA512: 6a211ed64768b26893d25c49e8de775ca21dd8483b08f30e508776b34ecd78b20828eee8746f2492611264ec9d0168b96552dd067f65a462902dcb9117c21d7c
SSDEEP: 3072:Yfneu06bkoEAZCEftzQryfXhTiD9wsq5aWH+ZNr09Xx899UKy:AnrJDEyfXhTiDGGZNr09XACKy
Static task: static1
Behavioral task: behavioral1
  Sample: 1a8b0853338c0e0eab5d13746038fae9.zip
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 1a8b0853338c0e0eab5d13746038fae9.zip
  Resource: win10v2004-20230831-en
Behavioral task: behavioral3
  Sample: 947fb340a672bd684a18ab7aeb7fe28cd9f2eee3c0de99c205f3a4a39aad12c0.exe
  Resource: win7-20230831-en
Behavioral task: behavioral4
  Sample: 947fb340a672bd684a18ab7aeb7fe28cd9f2eee3c0de99c205f3a4a39aad12c0.exe
  Resource: win10v2004-20230831-en
Malware Config
Extracted family: smokeloader
  pub1
Extracted family: smokeloader
  2022
  http://gudintas.at/tmp/
  http://pik96.ru/tmp/
  http://rosatiauto.com/tmp/
  http://kingpirate.ru/tmp/
Extracted family: stealc
  1467882962796800663244393688
  http://85.209.11.51
  url_path: /fefb4a458e1dc58b.php
Targets
Target: 1a8b0853338c0e0eab5d13746038fae9.bin
Size: 150KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP for this target are identical to the General entry above.)
Score: 1/10

Target: 947fb340a672bd684a18ab7aeb7fe28cd9f2eee3c0de99c205f3a4a39aad12c0.bin
Size: 302KB
MD5: 1a8b0853338c0e0eab5d13746038fae9
SHA1: 3132faa6943319d0d6a29940698c2fc39fb89062
SHA256: 947fb340a672bd684a18ab7aeb7fe28cd9f2eee3c0de99c205f3a4a39aad12c0
SHA512: f2c27edad737d0bc82309bb8fe723fd43fa04a320928ab115fcaba1751a81a6d36ea0ccfd4e5eda6aa520f3afd31047630b6c3eb2387a8d9d4d79ba0c3b99cd4
SSDEEP: 3072:OOVBnvCNeLj8S+rLFOhgEl1L1JhrEX7CqluMFkaysVq8fnYO8J:vxoeLj8SKLF0j1LXhQLfoq/7R
Signatures:
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext