General
-
Target
4796cf8c6eab52df224915dd04ecda81a30384c53e284e6dae7c55a3cae9f976
-
Size
270KB
-
Sample
230925-cybt5ada45
-
MD5
c5e478eec410f273b71b66891382d22a
-
SHA1
980bd6d85b793b708da5be58a1c61192200628a1
-
SHA256
4796cf8c6eab52df224915dd04ecda81a30384c53e284e6dae7c55a3cae9f976
-
SHA512
9a6aefc655fc4212f145fa3a37fa8f013ff132f263b27bbc4f9a8a10ed504b9ebcb087d88bdc49642fb69cb087787014b8a39a4610508257cc5e049c3f8f9518
-
SSDEEP
6144:sR/hrJ+j+5j68KsT6h/OCy5U9uAO7APOQO7qw6:sR5N+j+5+RsqGGuChOGw6
Static task
static1
Behavioral task
behavioral1
Sample
4796cf8c6eab52df224915dd04ecda81a30384c53e284e6dae7c55a3cae9f976.exe
Resource
win10-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
-
-
Target
4796cf8c6eab52df224915dd04ecda81a30384c53e284e6dae7c55a3cae9f976
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-