General
Target: ceb677cfc7a99f7dd569fd9d324dc80193e8baec73afcef9324e1bdc2125b130
Size: 230KB
Sample: 240213-krhm4adh31
MD5: de36e3595f602299015c17b281d220a5
SHA1: 12b7726bcb3c27157c103bfec6213678ad62aed6
SHA256: ceb677cfc7a99f7dd569fd9d324dc80193e8baec73afcef9324e1bdc2125b130
SHA512: c672cc8fd3df1c3013c90e5c31f9f63ab63d65f272ed10c194d15cc7a5de118aae118510b0114dd10122db76760201dbf1f79afb8945e2a1ab4cd37368b3ef08
SSDEEP: 3072:1qKNhjpqxmemFwMnvo2DOiwtvpzXzFHF5WYD4HCanq17xOebXnh7y5rYRTS64:JNBfF3BDOXtvRXdWyiHq1dOezh/g6
Static task: static1
Behavioral task: behavioral1
Sample: ceb677cfc7a99f7dd569fd9d324dc80193e8baec73afcef9324e1bdc2125b130.exe
Resource: win7-20231215-en
Malware Config
Extracted
  Family: smokeloader
  pub3
Extracted
  Family: smokeloader
  2022
  http://sjyey.com/tmp/index.php
  http://babonwo.ru/tmp/index.php
  http://mth.com.ua/tmp/index.php
  http://piratia.pw/tmp/index.php
  http://go-piratia.ru/tmp/index.php
Extracted
  Family: amadey
  4.14
  http://anfesq.com
  http://cbinr.com
  http://rimakc.ru
  install_dir: 68fd3d7ade
  install_file: Utsysc.exe
  strings_key: 27ec7fd6f50f63b8af0c1d3deefcc8fe
  url_paths: /forum/index.php
Targets
Target: ceb677cfc7a99f7dd569fd9d324dc80193e8baec73afcef9324e1bdc2125b130
Size: 230KB
MD5: de36e3595f602299015c17b281d220a5
SHA1: 12b7726bcb3c27157c103bfec6213678ad62aed6
SHA256: ceb677cfc7a99f7dd569fd9d324dc80193e8baec73afcef9324e1bdc2125b130
SHA512: c672cc8fd3df1c3013c90e5c31f9f63ab63d65f272ed10c194d15cc7a5de118aae118510b0114dd10122db76760201dbf1f79afb8945e2a1ab4cd37368b3ef08
SSDEEP: 3072:1qKNhjpqxmemFwMnvo2DOiwtvpzXzFHF5WYD4HCanq17xOebXnh7y5rYRTS64:JNBfF3BDOXtvRXdWyiHq1dOezh/g6
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL