General
Target: c33c4ce1f8339faec5081a058b900bbf
Size: 146KB
Sample: 231222-rtgxxadaf3
MD5: c33c4ce1f8339faec5081a058b900bbf
SHA1: e430407a88972de2ee2979e8376c3155ce105b03
SHA256: 5d6770001d44645d3fde3ca92a4423ebfdf12dd5bec216fd139adf2f65d9974c
SHA512: 35aa943fca85bd1d6c6b99a84dee2619217a73cd7e4b8f3390305f9e0701fac029b156fe6bdd25f4e0fbba4f17a6635f8226bbd27ae2b2e5c362c79ea721d47d
SSDEEP: 3072:zAH0HQcUpAhFUf0piJZYlY+i5SYowVPmqva:zfRhFU/RMwa
Static task: static1
Behavioral task: behavioral1
  Sample: c33c4ce1f8339faec5081a058b900bbf.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: c33c4ce1f8339faec5081a058b900bbf.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted family: smokeloader
Version: 2020
Targets
Target: c33c4ce1f8339faec5081a058b900bbf (146KB)
- Modifies firewall policy service
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)
- Scheduled Task/Job (1)