Overview
General
Target: Desktop.rar
Size: 198KB
Sample: 240415-pfh7psgd91
MD5: 7f7effdc4c7a19c224be6237dff8d701
SHA1: 3897e1baf0d072d606f77b7b07ad58ecfb2da380
SHA256: c80fed268a0c461e382fe561fb0e94f41f4d1c4d611858bc56ea6118293e3de1
SHA512: 8b17efb97c460d6f5cf7010206e3180992455beb1d6180c2aed5db045d4770401ffd2513790e2fcff605948ce5c23acf580e2a8d51919eabc1da3b5b6ebe9d13
SSDEEP: 3072:IZL3PGErh57/VTnpKvp5QcHck6wyagpd5h11ANXqIJSw78RQSzipSoqI9oFKD29L:IxeI5TpYStkvyJpZfANXqIJyUcVu2x
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1.exe, win7-20240221-en
behavioral2: a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1.exe, win10-20240404-en
behavioral3: a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1.exe, win10v2004-20240412-en
behavioral4: a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1.exe, win11-20240412-en
behavioral5: b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe, win7-20240221-en
behavioral6: b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe, win10-20240404-en
behavioral7: b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe, win10v2004-20240412-en
behavioral8: b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe, win11-20240412-en
behavioral9: 650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe, win7-20240221-en
behavioral10: 650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe, win10-20240404-en
behavioral11: 650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe, win10v2004-20240412-en
behavioral12: 650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e.exe, win11-20240412-en
Malware Config
Extracted: smokeloader, version 2022, with the following C2 URLs:
Extracted: azov, from C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt
Targets

Target: a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1
Size: 255KB
MD5: 7fdba86bba0508054fd1f058a6a2d134
SHA1: 131aa6889c55b9348a452fdf369fe54c2f05ba48
SHA256: a041839327295fde3df12ea61374abd19c4499b87e211757c593179d6a6870d1
SHA512: 901b368bf99f8b715186d22d73bbb80a87f8498fd375b9023d798651f5c0939d01d3ec3ec50ce148699b6228aca59711883e9a30e986c1c5d18e95e8ab1967f1
SSDEEP: 6144:VU8vCLXBfoCmgZw6NNTs9VUkIqj8m+z7:VU8apkQw6N6LUkpv+z7
Score: 10/10
Signatures:
- Deletes itself
- Executes dropped EXE
Target: b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801
Size: 32KB
MD5: 6468ee100d88c71d55dfdcf4e30f991e
SHA1: 5c520d2d7dc4c9e5d536d3aff998185657d40ac8
SHA256: b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801
SHA512: 41913eb5adaab42c7ebff547421c0faedede5a3356cb2aa8b92ab20320f73766101056853f450435281cf31e7f32603c62fbd88fa3a680b19abda5d8cc9a98ae
SSDEEP: 768:QzG3EG0IUJrd6dQar/MjfW33AMar6q3Fu:QKEG4Jx6Ky/Mjo3AMa13U
Score: 10/10
Signatures:
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Target: 650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e
Size: 32KB
MD5: 7129291fc3d97377200f8a24ad06930a
SHA1: 3f858d2837529e6c973ffa7c26c643e9748e7282
SHA256: 650f0d694c0928d88aeeed649cf629fc8a7bec604563bca716b1688227e0cc7e
SHA512: 6bd4537a79f839c2964a814eed2fd5c217a969632e267afbe028b04a91a410abd594fb45bf1cba954f8be71e6041a923e932994754fcd46cc71a0bbaf4a932a1
SSDEEP: 384:s+ImkKRjvD/XlXPRPNTEUZytgSisYuaDhcWNDkSIvrfPxLCk9Hf/z:WKRjvTXlXPRNTRZ6hisYugcXjfNCkl
Score: 10/10
Signatures:
- Renames multiple (7659) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Drops startup file
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.