General
Target: file.exe
Size: 327KB
Sample: 221215-k964eafa8z
MD5: 1865a42c29f7a1e95e4267f6d31d03a0
SHA1: 3f433583175cefb4f1a9f315dbe9334b4311f40b
SHA256: 72844b2e6bd944f5dc28f0d7f03d45470aa098e7bd7f136977b61456cc210d9a
SHA512: e3892a79e47caa52b7c47508d91766737228a48289f48a93328863945aae5a87bc0b405ae4a7138c0b3db48853f3169b8c5d9b7675872bf990bfd7bb85a2b75c
SSDEEP: 6144:1YSxLejeVLiaSFdEbCCqdndinShX2bRwN1Sbjfxur/tb:JajeVL9CtjiC2bON1SbjJurR
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
Malware Config
Extracted
systembc
109.205.214.18:443
Targets
Target
file.exe
Detects Smokeloader packer
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext