General
- Target: df87f718fb9e4e94e0b202af8b84f22b
- Size: 282KB
- Sample: 231222-s7f37sddb7
- MD5: df87f718fb9e4e94e0b202af8b84f22b
- SHA1: e63f6762c1182004f4db715b9216fd8a6387e096
- SHA256: e70c261bbee76cac0f53d99beb2c1a70938d75a9c6e99459c531a6ec57a10f54
- SHA512: 9929db3ebde4297d4b3223bc15c1353e8658afd1cfa5045a7a9afbb573eb300051918e25ef0b3d8db45783c1b6e0cc45f6de46063a2f1dadd5bd009b5052aca8
- SSDEEP: 6144:bIQEK8NZVn50WAi0HK55N28f4TH8dWDg:tEK87Vn50WAi0Arf4z8Ag
Static task: static1
Behavioral task: behavioral1
- Sample: df87f718fb9e4e94e0b202af8b84f22b.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: df87f718fb9e4e94e0b202af8b84f22b.exe
- Resource: win10v2004-20231215-en
Malware Config
- Extracted: smokeloader (2020)
Targets
- Modifies firewall policy service
- Modifies security service
- Disables taskbar notifications via registry modification
- Disables use of System Restore points
- Sets file execution options in registry
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process: 2
- Windows Service: 2
- Boot or Logon Autostart Execution: 3
- Registry Run Keys / Startup Folder: 3
- Scheduled Task/Job: 1
Privilege Escalation
- Create or Modify System Process: 2
- Windows Service: 2
- Boot or Logon Autostart Execution: 3
- Registry Run Keys / Startup Folder: 3
- Scheduled Task/Job: 1