General
Target: a4528118f9eb27264827d48f387f76aa.bin
Size: 2.6MB
Sample: 231210-ecpj7sbhel
MD5: 4fdae069d520b9cf6b22e97803c28e57
SHA1: c7efc7ca769d1d337b332a86ba8b02cf70556aa0
SHA256: 3962583f63f105ee5d8693a5f1e1eef01bf4bb890d2775c1d4e93dbbfa634788
SHA512: 16eabb111a2e3d35da64333772b5f65c413e3afc9716d4a3265d2cf3b3c4e8ab579fa7f2163bc9b3ef70cab60a407b1a9a6fea06b150c20748e24a41abeefba8
SSDEEP: 49152:Ls7b1eLboUYJFZSyBMCgYm8590EivlGGXMJ8/HQ2jlVwuli3BmRM2z6IvIjhV:Q7bXUYr3gYmS0XBB/HQmbwUM29vIjhV
Static task: static1
Behavioral task: behavioral1
  Sample: 5e1c1fe206f1a77acc98ab7256c10c1477924786d96d8b079ac2218f20ac582c.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: 5e1c1fe206f1a77acc98ab7256c10c1477924786d96d8b079ac2218f20ac582c.exe
  Resource: win10v2004-20231201-en
Malware Config
Extracted: risepro
  C2: 193.233.132.51
Extracted: smokeloader
  Version: 2022
  C2: http://81.19.131.34/fks/index.php
Targets
Target: 5e1c1fe206f1a77acc98ab7256c10c1477924786d96d8b079ac2218f20ac582c.exe
Size: 2.7MB
MD5: a4528118f9eb27264827d48f387f76aa
SHA1: d7b548a78eba05f493453af8c463711ebbca6f6a
SHA256: 5e1c1fe206f1a77acc98ab7256c10c1477924786d96d8b079ac2218f20ac582c
SHA512: 66865dacd2ff847a7118bb84ab761ed96c18f430e41971fca57d5cc97a4b1eb2ebc9aab4610393ab8d8837957b93f2a00f4f4c70ecc7aaeaabb86b789ea7473e
SSDEEP: 49152:M8DAzojboQXqz54zhq/Q37bDKESzZCLaegL3zuBoMWwp4FpG:Bp/094zf7vvSFCWfjuEwW
Signatures
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Defense Evasion
  Modify Registry (3)
  Subvert Trust Controls (1)
    Install Root Certificate (1)