General
- Target: 718b20cdfd7efb4a26aa0aa020e46af0
- Size: 147KB
- Sample: 231222-f6taxsbed4
- MD5: 718b20cdfd7efb4a26aa0aa020e46af0
- SHA1: 466be33731b34e28b56580f499cc7665bd3e77a9
- SHA256: 0ff586cfb65d5fff23f0410d1082a1852c75ca972967fb84031febe0e9a227af
- SHA512: 2cd4b934b3e51be5869b7f78bdaabb8803e8b6ef36cb51d63384ac5492f7a277cd84c3837026027cd3945e14199650fa97c52a96a03b9541af7c755f1247502f
- SSDEEP: 1536:/qdK3LyZnzrkB4BNeF1hwEQjomml3mwG0SbJrSKfIqNW0IyBRg3Hiz2j5t9WMi9y:SsX17mF4JcWpQSY2j5t9WptBD
Static task: static1
Behavioral task: behavioral1
- Sample: 718b20cdfd7efb4a26aa0aa020e46af0.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 718b20cdfd7efb4a26aa0aa020e46af0.exe
- Resource: win10v2004-20231215-en
Malware Config
Extracted
smokeloader
2020
Targets
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)