General
-
Target
e433ff5b48bf60a0380c22d86c850df53ff68afe67e9555b8ef312dd8825c167
-
Size
270KB
-
Sample
230925-fsmwzsdg98
-
MD5
f33c27d87bb2612b6ec76909fbc76f0d
-
SHA1
1fdf7ac30756b17f72d0d07419f7c91a8c5eb2b0
-
SHA256
e433ff5b48bf60a0380c22d86c850df53ff68afe67e9555b8ef312dd8825c167
-
SHA512
5a0e69399dc159475d9381a2815aedae91d9ac83a75d712070841c53a5d7fde1075950ff98d7c513a0d98eeef94a951596533ebcb098d73fa9afd12151f5b148
-
SSDEEP
6144:SR1hrJ+j+5j68KsT6h/OCy5U9uAOpAtjZRZwh1qw6:SRrN+j+5+RsqGGu4ttMyw6
Static task
static1
Behavioral task
behavioral1
Sample
e433ff5b48bf60a0380c22d86c850df53ff68afe67e9555b8ef312dd8825c167.exe
Resource
win10-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-