Behavioral task
behavioral1
Sample
5368-361-0x000000001B640000-0x000000001B650000-memory.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
5368-361-0x000000001B640000-0x000000001B650000-memory.exe
Resource
win10v2004-20230915-en
General
Target
5368-361-0x000000001B640000-0x000000001B650000-memory.dmp
Size
64KB
MD5
26d59989c69ac653340d4a3f94d2df4e
SHA1
00e656c00b55f574b50b23e469c16610b1b564a0
SHA256
588f75eb5290fe86a12e8807a1c12d09c7c41b004d60e02f48db844da852bb5b
SHA512
1bbd080834e16c5149ec4ce1c66fa99e70837a09a45df72aa2d46962cee5f995d2d7ef9429c0ed943cbe6b6933bd99ad9e10f291f78a4efaf588970a1592b3b4
SSDEEP
1536:vzL+LKtd1PBkQD4UtFceWnzxmGhkn4kyWAXDs3Z:tvtD4QFJW9bvdWt
Malware Config
Extracted
smokeloader
curr
Signatures
Smokeloader family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5368-361-0x000000001B640000-0x000000001B650000-memory.dmp
Files
5368-361-0x000000001B640000-0x000000001B650000-memory.dmp.exe windows:1 windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE