General
- Target: 07ceef005d2626297437e3289872bf40
- Size: 326KB
- Sample: 231224-vr15jsgbgq
- MD5: 07ceef005d2626297437e3289872bf40
- SHA1: d1735d9e00c820525c6005b2e339a4ac0882efa9
- SHA256: 4d850649831a4cad6dd9d2a6b67fbacc70933c15dd4bd56ff6ffdb27da7aa4a8
- SHA512: d4979eb0452c285997fd55fa9873e98f6281f442900e1238ce5a5d9c00b11f26ba1de7a484de50de391f5a7492969f685868e46d4660a23b44602dcdfb44610a
- SSDEEP: 6144:7ZqLyrRhjz2YKt3MdauLJb3mZ6JJhrr5Ktxxs23:AYRhjKvt3Mda0b2QTVFos2
Static task
- static1
Behavioral task
- behavioral1
  Sample: 07ceef005d2626297437e3289872bf40.exe
  Resource: win7-20231215-en
Behavioral task
- behavioral2
  Sample: 07ceef005d2626297437e3289872bf40.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted
- Family: smokeloader
- Version: pub3
Extracted
- Family: smokeloader
- Version: 2020
- C2:
  http://conceitosseg.com/upload/
  http://integrasidata.com/upload/
  http://ozentekstil.com/upload/
  http://finbelportal.com/upload/
  http://telanganadigital.com/upload/
Targets
- Target: 07ceef005d2626297437e3289872bf40
- Size: 326KB
- MD5: 07ceef005d2626297437e3289872bf40
- SHA1: d1735d9e00c820525c6005b2e339a4ac0882efa9
- SHA256: 4d850649831a4cad6dd9d2a6b67fbacc70933c15dd4bd56ff6ffdb27da7aa4a8
- SHA512: d4979eb0452c285997fd55fa9873e98f6281f442900e1238ce5a5d9c00b11f26ba1de7a484de50de391f5a7492969f685868e46d4660a23b44602dcdfb44610a
- SSDEEP: 6144:7ZqLyrRhjz2YKt3MdauLJb3mZ6JJhrr5Ktxxs23:AYRhjKvt3Mda0b2QTVFos2
Signatures
- Modifies firewall policy service
- Modifies security service
- Disables taskbar notifications via registry modification
- Disables use of System Restore points
- Sets file execution options in registry
- Sets service image path in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (2)
- Windows Service (2)
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (3)
- Scheduled Task/Job (1)
Privilege Escalation
- Create or Modify System Process (2)
- Windows Service (2)
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (3)
- Scheduled Task/Job (1)