General
Target: 868532d1519c35f5286db7166055711d
Size: 297KB
Sample: 230915-f32swsgh6y
MD5: 868532d1519c35f5286db7166055711d
SHA1: ed85a798e92814ce6e1295dddde8fcbda29fea8b
SHA256: 9efbde4de467c8a82b270b40c014c4243284b016bd2788164d85012f36aed0ad
SHA512: ffa91bd694e67679fa65a290402bccf83f53b0b47f5fffb70eb8e01b04c59770c58da47dd92f2ad169c58478e01ca24766b00c8d6e8f0b66d2bc3eb66943be60
SSDEEP: 3072:3lFu+hvmXyBQVicAm1GDBwaFns+QaT3z9JEJupAxQQ3V5qoKhNwav7ZNN9nw37v:1Fu+YXyBQfA/1vJdHIEp0QkXyN9Xn
Static task: static1
Behavioral task: behavioral1
  Sample: 868532d1519c35f5286db7166055711d.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 868532d1519c35f5286db7166055711d.exe
  Resource: win10v2004-20230831-en
Malware Config
Extracted: smokeloader
  pub1
Extracted: smokeloader
  2022
  http://gudintas.at/tmp/
  http://pik96.ru/tmp/
  http://rosatiauto.com/tmp/
  http://kingpirate.ru/tmp/
Extracted: stealc
  1467882962796800663244393688
  http://85.209.11.51
  url_path: /fefb4a458e1dc58b.php
Targets
Target: 868532d1519c35f5286db7166055711d
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext