General
- Target: e4618fdcd51ef710ca424f7710683e49f7e31b9c8f1cf6e4ce6a118a5c14a5b3.exe
- Size: 223KB
- Sample: 240207-1jw4hsbee5
- MD5: e5f1b768a60cb6457200a8056398f60b
- SHA1: 676c1edbeedffb2e18e40181ff241dfa774c285a
- SHA256: e4618fdcd51ef710ca424f7710683e49f7e31b9c8f1cf6e4ce6a118a5c14a5b3
- SHA512: 6ae768714ac49dcc232cad66181ba8e366582cd911ffbab3a7d8f4f76680f0ad9f63c48ef4eb47290a317357c970e094ba321c2dbb59a770c96c1f5dd669cf92
- SSDEEP: 3072:g2Zy6hujxaMXP3OwoBXYQk9guGjRN+WMvtOAM49uHZZFGGgjaaSpGq/B:g2nEaMmRBIYu6N+1N4HZx9p7
- Static task: static1
- Behavioral task: behavioral1
- Sample: e4618fdcd51ef710ca424f7710683e49f7e31b9c8f1cf6e4ce6a118a5c14a5b3.exe
- Resource: win7-20231215-en
Malware Config
- Extracted: smokeloader
  pub2
- Extracted: smokeloader
  2022
  http://gxutc2c.com/tmp/index.php
  http://proekt8.ru/tmp/index.php
  http://mth.com.ua/tmp/index.php
  http://pirateking.online/tmp/index.php
  http://piratia.pw/tmp/index.php
  http://go-piratia.ru/tmp/index.php
- Extracted: amadey
  4.14
  http://anfesq.com
  http://cbinr.com
  http://rimakc.ru
  install_dir: 68fd3d7ade
  install_file: Utsysc.exe
  strings_key: 27ec7fd6f50f63b8af0c1d3deefcc8fe
  url_paths: /forum/index.php
Targets
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL