General
-
Target
0219fce90ce1b20813ffe345fe235f40ab3b227a94e0e69c04e486c85868a3c3
-
Size
270KB
-
Sample
230925-hd7c7acg6z
-
MD5
0bdc447c0cfeb2c7acd18eddebe41636
-
SHA1
c853c981b5ba9b79fb29849b358f0fce2eb04e98
-
SHA256
0219fce90ce1b20813ffe345fe235f40ab3b227a94e0e69c04e486c85868a3c3
-
SHA512
212bb458170046a5a2825170fbdabebbfbd8c96b90ad498704b068f0dcef88931fd6957c4f67ca0c4e1f874a4b4b65212caca8ee689f94e0afdd85044935c9cd
-
SSDEEP
6144:HRIhrJ+j+5j68KsT6h/OCy5U9uAOqA4z7qw6:HRuN+j+5+RsqGGuxwGw6
Static task
static1
Behavioral task
behavioral1
Sample
0219fce90ce1b20813ffe345fe235f40ab3b227a94e0e69c04e486c85868a3c3.exe
Resource
win10-20230915-en
Malware Config
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
-
-
Target
0219fce90ce1b20813ffe345fe235f40ab3b227a94e0e69c04e486c85868a3c3
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-