General
-
Target
abc90cf9de4d2f4b45134b36e3a54185979cde738d79c5f0419c010d9adc7cb5
-
Size
270KB
-
Sample
230925-d5ysxadd24
-
MD5
f0a2121f6c9bdb4d1ac232d0c67ee651
-
SHA1
cd08b3429707389707fbdd4b847777e8898e1b08
-
SHA256
abc90cf9de4d2f4b45134b36e3a54185979cde738d79c5f0419c010d9adc7cb5
-
SHA512
353bde827ffd0a0ae778849309b26ec1aeeec84ec23ff2a492b649e7334349a82a4e924f8f2d26caebc0d58894387177b72b04a5f35966e4ba492c93ff3f8564
-
SSDEEP
6144:xRQhrJ+j+5j68KsT6h/OCy5U9uAO0ARJch9qw6:xR2N+j+5+RsqGGu7/bw6
Static task
static1
Behavioral task
behavioral1
Sample
abc90cf9de4d2f4b45134b36e3a54185979cde738d79c5f0419c010d9adc7cb5.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
abc90cf9de4d2f4b45134b36e3a54185979cde738d79c5f0419c010d9adc7cb5.exe
Resource
win10-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
-
-
Target
abc90cf9de4d2f4b45134b36e3a54185979cde738d79c5f0419c010d9adc7cb5
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-