General

Target: 5cb8d9d3cd87aa51be2989b76f6ae25a92b6960eb6ff16742958bfbb445c1604
Size: 332KB
Sample: 240425-c2vreaea6x
MD5: 2cb4e769750ceb9a99fcbb4c7e9f8856
SHA1: 94847e14ba3e8c5aa4f117717399be4f5229070e
SHA256: 5cb8d9d3cd87aa51be2989b76f6ae25a92b6960eb6ff16742958bfbb445c1604
SHA512: 601d80eafc9135c0deaed00b990cf7b133bbe312c4bcf405934299aafe8f8e8e3f1845225e2d4322ccf9e9dd72f65ca97408e8468bee44b80565330631a062c2
SSDEEP: 3072:FDlmFOdHpIjS31Ebs+vQAZXsm9J6nG1TSMShowxpgoZ9qfVonb55X0Cn8Kk2Fi/c:RdHFhyZK8TmpcoDcUo5KqbI5T
Static task: static1

Behavioral task: behavioral1
Sample: 5cb8d9d3cd87aa51be2989b76f6ae25a92b6960eb6ff16742958bfbb445c1604.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 5cb8d9d3cd87aa51be2989b76f6ae25a92b6960eb6ff16742958bfbb445c1604.exe
Resource: win10-20240404-en
Malware Config

Extracted: smokeloader
Version: pub1

Extracted: smokeloader
Version: 2022
C2: http://trad-einmyus.com/index.php
C2: http://tradein-myus.com/index.php
C2: http://trade-inmyus.com/index.php
Targets

Target: 5cb8d9d3cd87aa51be2989b76f6ae25a92b6960eb6ff16742958bfbb445c1604
Size: 332KB
MD5: 2cb4e769750ceb9a99fcbb4c7e9f8856
SHA1: 94847e14ba3e8c5aa4f117717399be4f5229070e
SHA256: 5cb8d9d3cd87aa51be2989b76f6ae25a92b6960eb6ff16742958bfbb445c1604
SHA512: 601d80eafc9135c0deaed00b990cf7b133bbe312c4bcf405934299aafe8f8e8e3f1845225e2d4322ccf9e9dd72f65ca97408e8468bee44b80565330631a062c2
SSDEEP: 3072:FDlmFOdHpIjS31Ebs+vQAZXsm9J6nG1TSMShowxpgoZ9qfVonb55X0Cn8Kk2Fi/c:RdHFhyZK8TmpcoDcUo5KqbI5T
Score: 10/10

Signatures:
Downloads MZ/PE file
Deletes itself
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.