General
Target: bd7dfe3ee6d396de77be1c02c7b5a2f4.exe
Size: 1.2MB
Sample: 231210-zlcl8adeb3
MD5: bd7dfe3ee6d396de77be1c02c7b5a2f4
SHA1: 1381bf7d9e7f64128cae07ac3e28c40f30b0a505
SHA256: 37f283d353333395bb078e2f1a276a892ae076d4a2e3bcd95ddd431fd03ae309
SHA512: 57e3be54c916f10ac1b1ed2738bf06c083fc4fc3670a55135b0b97e2943c4d81314efa32cece00af8386d06e7e8f5da8683c0bd802d2e078a369dfd5fa1d35bf
SSDEEP: 24576:5yXojLd4c9Ua2Wn1IzmvqgUyXy822wQ/TIYJDnfIwVXh2fPU:s+N9oWn1IzmvxC8NwoPtin
Static task: static1
Behavioral task: behavioral1
  Sample: bd7dfe3ee6d396de77be1c02c7b5a2f4.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: bd7dfe3ee6d396de77be1c02c7b5a2f4.exe
  Resource: win10v2004-20231130-en
Malware Config
Extracted: risepro
  193.233.132.51
Extracted: smokeloader
  2022
  http://81.19.131.34/fks/index.php
Targets
Target: bd7dfe3ee6d396de77be1c02c7b5a2f4.exe
Size: 1.2MB
MD5: bd7dfe3ee6d396de77be1c02c7b5a2f4
SHA1: 1381bf7d9e7f64128cae07ac3e28c40f30b0a505
SHA256: 37f283d353333395bb078e2f1a276a892ae076d4a2e3bcd95ddd431fd03ae309
SHA512: 57e3be54c916f10ac1b1ed2738bf06c083fc4fc3670a55135b0b97e2943c4d81314efa32cece00af8386d06e7e8f5da8683c0bd802d2e078a369dfd5fa1d35bf
SSDEEP: 24576:5yXojLd4c9Ua2Wn1IzmvqgUyXy822wQ/TIYJDnfIwVXh2fPU:s+N9oWn1IzmvxC8NwoPtin
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1