General
Target: 91216642bc7ce906c436a9d45cd83ad258464af1b640a4df9a0768b0f6b69a90
Size: 270KB
Sample: 230925-fe7n8sdg43
MD5: 98605fface211c6d320a8e151497143e
SHA1: 9ab6962c5b7caf45510030ab58381d96ca8af455
SHA256: 91216642bc7ce906c436a9d45cd83ad258464af1b640a4df9a0768b0f6b69a90
SHA512: b94f66241b8b345a42837535b5f007fdcfd92c5be60904fb58bef54f10b4d22118bc130eef32c60173154fbd8841854cd716bdcce7a06f879643410b80dbfe72
SSDEEP: 6144:ZRgcMQ+j+5j68KsT6h/OCy5UKuAOog7/k1BaTy1wK:ZRz7+j+5+RsqGhu/7M1BakwK
Static task: static1
Behavioral task: behavioral1
Sample: 91216642bc7ce906c436a9d45cd83ad258464af1b640a4df9a0768b0f6b69a90.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: 91216642bc7ce906c436a9d45cd83ad258464af1b640a4df9a0768b0f6b69a90.exe
Resource: win10-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
Target: 91216642bc7ce906c436a9d45cd83ad258464af1b640a4df9a0768b0f6b69a90
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Suspicious use of SetThreadContext