General
-
Target
3193a9adfee944d12a081b3fd327d714aa8a3aece4cbf8bfbfd415d9f0574975
-
Size
217KB
-
Sample
231004-fe24raba46
-
MD5
e38c7f0fa1a4d8ffc18742eb0df40048
-
SHA1
eb202808de94d7fa749d67801c06cc3f2bf6efd3
-
SHA256
3193a9adfee944d12a081b3fd327d714aa8a3aece4cbf8bfbfd415d9f0574975
-
SHA512
0e7af9b2b83f42a1a01beef6f9a4aa0e0d53f3e612cab36a8aae9fbdf43c941c0ff854b585cca200bc94606ed17731033c408b5789e5818fc78bf72b0c536ef1
-
SSDEEP
6144:QAxjcZaXLFJKcneXwjph8irvDeVcjf7wpYMyMP/1h:PjcZaXecRjHOuj4yMPNh
Static task
static1
Behavioral task
behavioral1
Sample
3193a9adfee944d12a081b3fd327d714aa8a3aece4cbf8bfbfd415d9f0574975.exe
Resource
win7-20230831-en
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2020
http://host-file-host6.com/
http://host-host-file8.com/
Extracted
fabookie
http://app.nnnaajjjgc.com/check/safe
Targets
-
-
Target
3193a9adfee944d12a081b3fd327d714aa8a3aece4cbf8bfbfd415d9f0574975
-
Size
217KB
-
MD5
e38c7f0fa1a4d8ffc18742eb0df40048
-
SHA1
eb202808de94d7fa749d67801c06cc3f2bf6efd3
-
SHA256
3193a9adfee944d12a081b3fd327d714aa8a3aece4cbf8bfbfd415d9f0574975
-
SHA512
0e7af9b2b83f42a1a01beef6f9a4aa0e0d53f3e612cab36a8aae9fbdf43c941c0ff854b585cca200bc94606ed17731033c408b5789e5818fc78bf72b0c536ef1
-
SSDEEP
6144:QAxjcZaXLFJKcneXwjph8irvDeVcjf7wpYMyMP/1h:PjcZaXecRjHOuj4yMPNh
-
Detect Fabookie payload
-
Glupteba payload
-
Modifies boot configuration data using bcdedit
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Possible attempt to disable PatchGuard
Rootkits can use kernel patching to embed themselves in an operating system.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1