General
-
Target
2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115_JC.exe
-
Size
301KB
-
Sample
230915-pr1k5aee23
-
MD5
655655e9b1744d3fc9c5772e7be8a48d
-
SHA1
3a11602219bbe119e5258ca15ef674735613e293
-
SHA256
2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115
-
SHA512
6bcc109d74d0ec45c2f77dd8c04c31ef8fdd1137eadc87ffc210bb050a9329c9df82aee07b1a7e200481136f531220941d43487ebacb4154d0684b8e38ab96c0
-
SSDEEP
3072:U8aVnLG89UmwOTTk9Uhjlsm7yCKYmGV/6CWi0hHp0eUkqlK/Yg3:s9h9UmwOTTkSPTcIkG8Y
Static task
static1
Behavioral task
behavioral1
Sample
2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115_JC.exe
Resource
win7-20230831-en
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://gudintas.at/tmp/
http://pik96.ru/tmp/
http://rosatiauto.com/tmp/
http://kingpirate.ru/tmp/
Extracted
stealc
http://85.209.11.51
-
url_path
/fefb4a458e1dc58b.php
Targets
-
-
Target
2a8bad21145b4d758332588fb79ef6bcb2aa95bd7de7a2d8c0777e6f7146b115_JC.exe
-
Downloads MZ/PE file
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-