General
Target: bf9d4fcc7aeee9158d4764bee8e73b2bb0e42769cbc78e5d4582da43ac0b39a7
Size: 179KB
Sample: 240521-k6zvxsfh9w
MD5: ccfb70ac53b63ba7a8a1bb859deb0a63
SHA1: 4a6b127768edb4316ecccd722d14cdc0fd67a9c0
SHA256: bf9d4fcc7aeee9158d4764bee8e73b2bb0e42769cbc78e5d4582da43ac0b39a7
SHA512: 04f4080063d51b50028399c21b910d645c7ae87b2228170ab9fcc0c4ca6d7d9ec4679d6b0fa1e911d6d2c0f164be4dad565f367cef4c9daf321d4a66fb961326
SSDEEP: 1536:D/bI75oFJE7LocP46lfSAPMtyKnM9fGqxHMHKQ0v5WK9IMn4kZhXU4L+vx5tLctB:DYlfSAPM0KMYq2HuWKz4kPU465
Static task: static1
Behavioral task: behavioral1
Sample: bf9d4fcc7aeee9158d4764bee8e73b2bb0e42769cbc78e5d4582da43ac0b39a7.exe
Resource: win10v2004-20240226-en
Behavioral task: behavioral2
Sample: bf9d4fcc7aeee9158d4764bee8e73b2bb0e42769cbc78e5d4582da43ac0b39a7.exe
Resource: win11-20240508-en
Malware Config
Extracted
smokeloader
pub1
Extracted
smokeloader
2022
http://trad-einmyus.com/index.php
http://tradein-myus.com/index.php
http://trade-inmyus.com/index.php
Targets
Score: 10/10
- Modifies Installed Components in the registry
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2