General
Target: bb0c816a7ea9e563ac877399e1787c84fa098fb1892a27f0f354747fa9a149a2
Size: 215KB
Sample: 221217-zegycscd8v
MD5: c16a51b1092877aa252ff8179b46c1a1
SHA1: a29d46d533e5230c72645f9bacb90ff1656f12ed
SHA256: bb0c816a7ea9e563ac877399e1787c84fa098fb1892a27f0f354747fa9a149a2
SHA512: 78e15bc89ed55c8d3ad67ee37b143b78255a7978900f70c1703c9b8a0dfeaa303ffdc0c6f7b3c1d443397159ebeba58dcf12e086d0b86a8f31783985cdd56385
SSDEEP: 3072:AG02SX0LNOZ8RcJs7io/3JGSwv3KC+9NH8/g3xoiR4L1G3ERWR3Le:Al2w0LNONJho/3JGlH/g3Cw4LEU0V6
Static task: static1
Behavioral task: behavioral1
Sample: bb0c816a7ea9e563ac877399e1787c84fa098fb1892a27f0f354747fa9a149a2.exe
Resource: win10v2004-20221111-en
Malware Config
Targets
Score: 10/10
Detects Smokeloader packer
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext