General
-
Target
7afc896ff5590bde1e2533e40573e20b365c1f0ed261e8d7ca0e1fe01ef7f732
-
Size
189KB
-
Sample
220701-hk1tzsgeej
-
MD5
e5f8880417891a0d527b29cad8e087b0
-
SHA1
9784587256aaeb4e6a68ba13d0848647928dfbb2
-
SHA256
7afc896ff5590bde1e2533e40573e20b365c1f0ed261e8d7ca0e1fe01ef7f732
-
SHA512
262a5ebff4525984d6d98f3831f142f3f695101d5067762ef4ceaca196bf0e5941ff0173b95a63c4355a49452e423805eb131ba53c711344619fa08d78510db6
Static task
static1
Behavioral task
behavioral1
Sample
7afc896ff5590bde1e2533e40573e20b365c1f0ed261e8d7ca0e1fe01ef7f732.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
7afc896ff5590bde1e2533e40573e20b365c1f0ed261e8d7ca0e1fe01ef7f732.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
smokeloader
2017
http://dogewareservice.ru/
Targets
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-