General
-
Target
565e9c1e5bc0639b4ca4cd733e7443ff8965950d7e378fddece097e8cfeb68dd
-
Size
270KB
-
Sample
230925-feqqqadg34
-
MD5
67fd2c8410763edad62b8c673de461d1
-
SHA1
f8eaf5ff5abe611a5e512e52bc663d9445b6a9e0
-
SHA256
565e9c1e5bc0639b4ca4cd733e7443ff8965950d7e378fddece097e8cfeb68dd
-
SHA512
8fc74e78f2bb1a113aaa60769379b255df6e6b756444e5e92f647f87101c4da64942e3d03138559a18f762884bb3a23e6c4619906198058470f4f09487628274
-
SSDEEP
6144:UREhrJ+j+5j68KsT6h/OCy5U9uAOTAPrxrmgMAoqw6:URqN+j+5+RsqGGuW9rQQw6
Static task
static1
Behavioral task
behavioral1
Sample
565e9c1e5bc0639b4ca4cd733e7443ff8965950d7e378fddece097e8cfeb68dd.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
565e9c1e5bc0639b4ca4cd733e7443ff8965950d7e378fddece097e8cfeb68dd.exe
Resource
win10-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-