General
-
Target
finalpayload.exe
-
Size
29KB
-
Sample
230328-hv1xqsbc6y
-
MD5
41fa93a7ec3bd87da29f982e139a0c0f
-
SHA1
c3919d866cbc2f31efadce588789ca094276468a
-
SHA256
276295eb22a7da1c649a9320612b613fe7201f4ff54fec6e5436b28c9221bda7
-
SHA512
5bb7be05caa77868bcf7f6cce56bc210d45c7220039ad9e8222f25d67fffd6b0604f1f0673463c563dbf5911a2a37fd51b3b4985d5da86dd0b45e58e13bbc2bb
-
SSDEEP
768:uiei6JKbKxBRMlO9uUx6/GRaPN1N//U4ebJb82z:u+YKb2BeIzx6OY1N/gbTz
Behavioral task
behavioral1
Sample
finalpayload.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
finalpayload.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
smokeloader
2022
http://cdn1.wf/
http://cdn2.wf/
http://cdn3.wf/
http://194.180.48.53/
Targets
Target
finalpayload.exe
Score
10/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-