General
Target: d628cc0dd2db8f440f732c8ef628d99d2d97fbaac052d5bc2d4302929cfffe30
Size: 306KB
Sample: 240417-lxxvmsda8w
MD5: 3a748e3ed487edbcb2ac8f94f78a8ff6
SHA1: 5858a433f3a2b5156ebbeae4e3c5ea6c4383e530
SHA256: d628cc0dd2db8f440f732c8ef628d99d2d97fbaac052d5bc2d4302929cfffe30
SHA512: 484b3e72fd2734c6eebb1376ce934990d288f2b331d3d905ea5f43dd590868efeb3392380e364f24fb8ae35870ca3c8fe0ed46451aabcd02e5335e6b0942f65c
SSDEEP: 3072:Fyhm+yTiEFRF/Ru/kgP7NL8C8+XPuEKEShT1bIa4KblMd3WOZVonTiezkLpAEz2s:cyd7FDgjh8C8+chhH4KOdmOcewkyo2s
Static task: static1
Behavioral task: behavioral1
  Sample: d628cc0dd2db8f440f732c8ef628d99d2d97fbaac052d5bc2d4302929cfffe30.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral2
  Sample: d628cc0dd2db8f440f732c8ef628d99d2d97fbaac052d5bc2d4302929cfffe30.exe
  Resource: win11-20240412-en
Malware Config
Extracted: smokeloader
  pub1
Extracted: smokeloader
  2022
  http://trad-einmyus.com/index.php
  http://tradein-myus.com/index.php
  http://trade-inmyus.com/index.php
Extracted: lumma
Targets
Target: d628cc0dd2db8f440f732c8ef628d99d2d97fbaac052d5bc2d4302929cfffe30
- Downloads MZ/PE file
- Modifies Installed Components in the registry
- Deletes itself
- Executes dropped EXE
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2