General
-
Target
db7af89cb34f058907cee0f8b830d888e5589138c562db3b391fa61e74add004
-
Size
270KB
-
Sample
230925-fh4rradg55
-
MD5
4f3d155a8dd309a98f9ec662f3ac34f1
-
SHA1
4dcdf0ac10d100f4fba2d9da29fa13d9d818e9bf
-
SHA256
db7af89cb34f058907cee0f8b830d888e5589138c562db3b391fa61e74add004
-
SHA512
3271244f3db0ca714bf3df564fde0ab80f7f38fa2b083ac1d97eb08a34608b87bac4916c3bb4347a220fb98a150ad6376af6a74039f133148a654d4b6a231bc7
-
SSDEEP
6144:hRIhrJ+j+5j68KsT6h/OCy5U9uAO4A7DtfFdoqw6:hRuN+j+5+RsqGGuLPzw6
Static task
static1
Behavioral task
behavioral1
Sample
db7af89cb34f058907cee0f8b830d888e5589138c562db3b391fa61e74add004.exe
Resource
win10-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
Target
db7af89cb34f058907cee0f8b830d888e5589138c562db3b391fa61e74add004
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-