General
Target: 5383.exe
Size: 161KB
Sample: 240306-te1gtach2t
MD5: 50de50d9100e832d8fabfe179e344090
SHA1: 5009a1a1142bf449ed1b1883cdcd056d1eb90e18
SHA256: 30c9ad9803c697260d6dbf3109479101e195cebf8e2b56d0006b656bd4c072de
SHA512: 9ffd8a6c279e95eb7d595bff16d099ee32d2ca24286d35878fc53596537211fa89b1243a7fbd3ba26c64cd38be2d88baeb7a822f5aa44fb6d1bd8cec71061c14
SSDEEP: 3072:/iZUCzdMujBCyICdg82yDMgbrbCV+tdjgav:/6UChMsCyw8TYs4+tJ9
Static task: static1
Behavioral task: behavioral1
Sample: 5383.exe
Resource: win10-20240221-en
Behavioral task: behavioral2
Sample: 5383.exe
Resource: win10v2004-20240226-en
Behavioral task: behavioral3
Sample: 5383.exe
Resource: win11-20240221-en
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://kamsmad.com/tmp/index.php
http://souzhensil.ru/tmp/index.php
http://teplokub.com.ua/tmp/index.php
Targets
Target: 5383.exe
Score: 10/10
Deletes itself
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.