General
- Target: 93446b8aac27c90e5f9a9fc9dd8376cac7fe8c94977bfe9c50326b2aea247142
- Size: 231KB
- Sample: 240213-z9b1lahd6t
- MD5: 7e9e73cd5e7ae3348e503347d4210cd9
- SHA1: e5f4d2cddc027915f709e5c728fe268a790632b7
- SHA256: 93446b8aac27c90e5f9a9fc9dd8376cac7fe8c94977bfe9c50326b2aea247142
- SHA512: 2414ebe0cb8824268f3fb64f9f43b1cc4c6491a8f2362526730f8e0a082477145d827b0ffbe87f174a82cc742ab6f10f589c1c442d87955e7d6a52f192431ff4
- SSDEEP: 3072:HdKhh58jcFwwXtgQG/JzUldOZL9GwPc41N/9x4un5IzmXnvnHn5zlUz7:ohvjFRLG/nZxGwPcKN/gmIzOvxM
Static task: static1

Behavioral task: behavioral1
- Sample: 93446b8aac27c90e5f9a9fc9dd8376cac7fe8c94977bfe9c50326b2aea247142.exe
- Resource: win7-20231215-en
Malware Config

Extracted: smokeloader
- pub3

Extracted: smokeloader
- 2022
- http://sjyey.com/tmp/index.php
- http://babonwo.ru/tmp/index.php
- http://mth.com.ua/tmp/index.php
- http://piratia.pw/tmp/index.php
- http://go-piratia.ru/tmp/index.php

Extracted: amadey
- 4.14
- http://anfesq.com
- http://cbinr.com
- http://rimakc.ru
- install_dir: 68fd3d7ade
- install_file: Utsysc.exe
- strings_key: 27ec7fd6f50f63b8af0c1d3deefcc8fe
- url_paths: /forum/index.php
Targets
- Target: 93446b8aac27c90e5f9a9fc9dd8376cac7fe8c94977bfe9c50326b2aea247142
- Size: 231KB
- MD5: 7e9e73cd5e7ae3348e503347d4210cd9
- SHA1: e5f4d2cddc027915f709e5c728fe268a790632b7
- SHA256: 93446b8aac27c90e5f9a9fc9dd8376cac7fe8c94977bfe9c50326b2aea247142
- SHA512: 2414ebe0cb8824268f3fb64f9f43b1cc4c6491a8f2362526730f8e0a082477145d827b0ffbe87f174a82cc742ab6f10f589c1c442d87955e7d6a52f192431ff4
- SSDEEP: 3072:HdKhh58jcFwwXtgQG/JzUldOZL9GwPc41N/9x4un5IzmXnvnHn5zlUz7:ohvjFRLG/nZxGwPcKN/gmIzOvxM
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL