General
Target: 636c32103ef487d1c30df530296f014b.exe
Size: 163KB
Sample: 240226-31jwmaca6w
MD5: 636c32103ef487d1c30df530296f014b
SHA1: f280007f3c78b0823d8978bec1c1cdf792bf5fc6
SHA256: c79f0b410c62adbad0d697c85f0f6cf786c61e1a1244090650440d8a09b90bbd
SHA512: 2a01b0fb459a710c4d8ffb20fe2907bbb5ca091769cb8b3216d909208ee662f9c2f6f035fa1c8aeb9222ee7018c6da15615414b2556e02f0bbcc3bd05337f604
SSDEEP: 3072:eQ37N6u0D0i+zGJKHZj+4M48iIp2WZnFzw0I:eK8u0Qi+yQHZEiIttw
Static task: static1
Behavioral task: behavioral1
  Sample: 636c32103ef487d1c30df530296f014b.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 636c32103ef487d1c30df530296f014b.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: smokeloader (botnet/version tag 2022), C2 URLs:
Extracted: lumma, C2 URLs:
Targets
Target: 636c32103ef487d1c30df530296f014b.exe (size and hashes as listed under General)
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Pre-OS Boot: Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)