General
Target: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc
Size: 126KB
Sample: 221124-ttgy1sab8s
MD5: b965774d46e28c1f52a13288090b71cb
SHA1: 75ba3a3361a96231ebbc578dccb2531f78532c91
SHA256: 33f640b875bb7ce1176888c74bfb7b4e09e102ee229cecba7cc1299a016c0243
SHA512: 8c4e7e94a67767be91076915f76379cc03393a75f26616178e06ef631bc341e5e128c30b0aae014bc0b65438f7f77538ca408b257c56b6f878f50a3b9e814cda
SSDEEP: 3072:01BIrLaj1H8YCUiqMPHx57YlJUGi9SKrhmjs3:01GS1cvpqK7caGoSKT3
Static task: static1

Behavioral task: behavioral1
  Sample: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc.exe
  Resource: win10v2004-20220812-en
Malware Config (Extracted)
Family: amadey
Version: 3.50
C2:
  193.56.146.174/g84kvj4jck/index.php
  193.56.146.194/h49vlBP/index.php
  1h3art.me/i4kvjd3xc/index.php
Targets
Target: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc
Size: 186KB
MD5: f57f3df41e4e1123477d9e31a319e463
SHA1: bea4a79f6661843f75f41ea9d7ecd5afdfd9fb09
SHA256: bee21ffa9386ae7feef30f9e990983b7dfdc116edf263fd9243ae7ebdfb0e6bc
SHA512: 9d12426c7fe90ce67ad5f0c3e6fa3ca64ce91484550398e6b11ca6b22aa7d88ee1f678ae3cc120ae2685d23636730c77df74af48334b6e87703999650b38dfe1
SSDEEP: 3072:VsWWyp/VkRjnY7YLvDNjrQuP5UZ+BXlzUW9Bi9SKrAtMUrH:NW+VxYLLNj0dZ+Bh9BoSKct7
Score: 10/10

Signatures:
  Detects Smokeloader packer
  Downloads MZ/PE file
  Executes dropped EXE
  Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  Uses the VBS compiler for execution
  Adds Run key to start application
  Suspicious use of SetThreadContext