General
Target: f88f9f0aa65c9a7539ba51fb254322b3.bin
Size: 315KB
Sample: 231106-dpyg7sab37
MD5: 1a4962c5cc0265f60b122889e9c72a1b
SHA1: c7a0478434fc2346508dc41adf0c200b31707af7
SHA256: 2f2ad87b5cbd886e05f8b900d7f43c2811ece5f19d54c593bb771bf5b6fea8db
SHA512: 86c9eb94a175ab9774138735217ed8fb0da502807228d7cd751d2fb3a76066df0c3885690bf8893e17632d3687d30aa35159e63689bba1e822f0925993cc583d
SSDEEP: 6144:aBmgPk/v2YiRvRsiyieVUk5dZI1tVZ3Ie7vd6G9j80o80qOn/oApM:s7xZ5eu8ZIvj57vd6eY0v0pnW
Static task: static1
Behavioral task: behavioral1
Sample: af9e55e83d026cf03000fa394257145ef2bd4860aa5a7dc9ff95509fb294e246.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted: amadey
Version: 3.86
C2: http://77.91.68.61/rock/index.php
install_dir: 925e7e99c5
install_file: pdates.exe
strings_key: ada76b8b0e1f6892ee93c20ab8946117
Extracted: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/
Targets
Target: af9e55e83d026cf03000fa394257145ef2bd4860aa5a7dc9ff95509fb294e246.exe
Size: 359KB
MD5: f88f9f0aa65c9a7539ba51fb254322b3
SHA1: 357d466843db0783d61130a3f7a5949241acfe30
SHA256: af9e55e83d026cf03000fa394257145ef2bd4860aa5a7dc9ff95509fb294e246
SHA512: 303515e7c6dd84b37e5bccede31399adc7489d29a1931948ef55284d5536756a76ca3aca02932d0b72d606ad7c8454b5347584af0cc516d2320529b7c88c7ec1
SSDEEP: 6144:KUy+bnr+kp0yN90QEsr0R4kW8nZNL+aFR52B92bosKD7C7EBCd:gMrEy90Cr0+y/2B92bo5ZBCd
Signatures
- Detects Healer, an antivirus disabler dropper
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1