General
-
Target
bb77ec808a0d3dca791c2cc72d2020af
-
Size
144KB
-
Sample
231222-rj1bhagddp
-
MD5
bb77ec808a0d3dca791c2cc72d2020af
-
SHA1
4aa1f3abee7a2973419e264de3e58c26e6643752
-
SHA256
705662ead94a35c0ed94a959c96de51bef2fbe996dda6569cd90cfc65194fda3
-
SHA512
d417382cf812513ea8c688fbf4cdfa27394d1bf1d203f2947a53e7c9e36bf694a8e5acd8fc362694e9fd229fdf6240c13d39323b5657dffc2030453c4c486990
-
SSDEEP
3072:oZoPg8mxPh2FHWbk/4qzVzzpr5bRjRMkx:oiwhGKg7z11M
Static task
static1
Behavioral task
behavioral1
Sample
bb77ec808a0d3dca791c2cc72d2020af.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
bb77ec808a0d3dca791c2cc72d2020af.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
smokeloader
2020
http://varmisende.com/upload/
http://fernandomayol.com/upload/
http://nextlytm.com/upload/
http://people4jan.com/upload/
http://asfaltwerk.com/upload/
Targets
-
-
Target
bb77ec808a0d3dca791c2cc72d2020af
-
Size
144KB
-
MD5
bb77ec808a0d3dca791c2cc72d2020af
-
SHA1
4aa1f3abee7a2973419e264de3e58c26e6643752
-
SHA256
705662ead94a35c0ed94a959c96de51bef2fbe996dda6569cd90cfc65194fda3
-
SHA512
d417382cf812513ea8c688fbf4cdfa27394d1bf1d203f2947a53e7c9e36bf694a8e5acd8fc362694e9fd229fdf6240c13d39323b5657dffc2030453c4c486990
-
SSDEEP
3072:oZoPg8mxPh2FHWbk/4qzVzzpr5bRjRMkx:oiwhGKg7z11M
-
Modifies firewall policy service
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Deletes itself
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2