General
- Target: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677
- Size: 804KB
- Sample: 240603-gtlwraeb4y
- MD5: f72cedeb043278f63f9645424dbc36f5
- SHA1: 28a8be67a02280d90a97884d4d429edc8d8fada1
- SHA256: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677
- SHA512: f9b485ae582f37968339f753aca428f448c3f72bd92d4815fb831d23974f5e09ccec65cae4305e0f928acf68ef47d1f2215509ce0b35520f14006063934ce5d9
- SSDEEP: 24576:UfLDIhsWeIu7DjoEprmF1uBMznzcZ4ViSHKVcb1YEfBr:ufdRIeDjoElm/dH64ViSqqbDx
Static task: static1
Behavioral task: behavioral1
- Sample: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677.exe
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677.exe
- Resource: win10-20240404-en
Malware Config
Extracted: smokeloader (2022)
- http://dbfhns.in/tmp/index.php
- http://guteyr.cc/tmp/index.php
- http://greendag.ru/tmp/index.php
- http://lobulraualov.in.net/tmp/index.php
Extracted: smokeloader (pub1)
Targets
- Target: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677
- Size: 804KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext