General
-
Target
a48d767621acecbb12a31fbd4007a16e77e6a0155d255c056f2400d0b17cfeba
-
Size
174KB
-
Sample
240429-fdl15saf59
-
MD5
df469e0a98c5be3dbbdee404268d491a
-
SHA1
17951c7c3b3dbb7769efa595298ac0183e000c77
-
SHA256
a48d767621acecbb12a31fbd4007a16e77e6a0155d255c056f2400d0b17cfeba
-
SHA512
8c90c9e5b57a854b38600946659d39519a222d5cc36008ef9617df74719e662d66445ca223cff7feffabbb50ecad6028d06d436c5d8fdb349b6bf9ddd1128dfc
-
SSDEEP
1536:+ngptcHx6TyxkuM39m/wrut+8IGA/75IVL0tQlfYvm/ivedMzcfknx9Xb5Wyq9R9:+nZZBMtjruMGA/lxtbvma2dGTb5Wyq9
Static task
static1
Behavioral task
behavioral1
Sample
a48d767621acecbb12a31fbd4007a16e77e6a0155d255c056f2400d0b17cfeba.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
a48d767621acecbb12a31fbd4007a16e77e6a0155d255c056f2400d0b17cfeba.exe
Resource
win11-20240419-en
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Extracted
lumma
https://accountasifkwosov.shop/api
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
https://palmeventeryjusk.shop/api
https://entitlementappwo.shop/api
https://economicscreateojsu.shop/api
https://pushjellysingeywus.shop/api
https://absentconvicsjawun.shop/api
https://suitcaseacanehalk.shop/api
https://bordersoarmanusjuw.shop/api
https://mealplayerpreceodsju.shop/api
https://wifeplasterbakewis.shop/api
Targets
-
-
Target
a48d767621acecbb12a31fbd4007a16e77e6a0155d255c056f2400d0b17cfeba
-
Size
174KB
-
MD5
df469e0a98c5be3dbbdee404268d491a
-
SHA1
17951c7c3b3dbb7769efa595298ac0183e000c77
-
SHA256
a48d767621acecbb12a31fbd4007a16e77e6a0155d255c056f2400d0b17cfeba
-
SHA512
8c90c9e5b57a854b38600946659d39519a222d5cc36008ef9617df74719e662d66445ca223cff7feffabbb50ecad6028d06d436c5d8fdb349b6bf9ddd1128dfc
-
SSDEEP
1536:+ngptcHx6TyxkuM39m/wrut+8IGA/75IVL0tQlfYvm/ivedMzcfknx9Xb5Wyq9R9:+nZZBMtjruMGA/lxtbvma2dGTb5Wyq9
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Deletes itself
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1