General
-
Target
dik.rar
-
Size
14.0MB
-
Sample
240229-szpelsdc2w
-
MD5
1745beb096fa778edaa4af460963f6f1
-
SHA1
be8ce59abd516c8e20c9b7f48bbf6bf37ae9bd92
-
SHA256
6c36e5d456335dd880fd2e168289af1a4af14d44df540ab55a3083eaa8dbf786
-
SHA512
d26857952e6bba78b80df44e1e3836e0031de8b7daa6ffe1327db85a1a8f50ace7ae8273811b825c6885e8a349d2391e0e8c0153b3b0688064f48aefbe73c681
-
SSDEEP
393216:SIerHUFihoO/zvu76vng32jewXDTdgBqyReTDeAZQ:Snr0QoKzvLvnlmBhe3hQ
Static task
static1
Behavioral task
behavioral1
Sample
dik.rar
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
dik.rar
Resource
win10v2004-20240226-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Extracted
smokeloader
2022
http://selebration17io.io/index.php
http://vacantion18ffeu.cc/index.php
http://valarioulinity1.net/index.php
http://buriatiarutuhuob.net/index.php
http://cassiosssionunu.me/index.php
http://sulugilioiu19.net/index.php
http://goodfooggooftool.net/index.php
Extracted
risepro
193.233.132.62
Extracted
smokeloader
pub3
Targets
-
-
Target
dik.rar
-
Size
14.0MB
-
MD5
1745beb096fa778edaa4af460963f6f1
-
SHA1
be8ce59abd516c8e20c9b7f48bbf6bf37ae9bd92
-
SHA256
6c36e5d456335dd880fd2e168289af1a4af14d44df540ab55a3083eaa8dbf786
-
SHA512
d26857952e6bba78b80df44e1e3836e0031de8b7daa6ffe1327db85a1a8f50ace7ae8273811b825c6885e8a349d2391e0e8c0153b3b0688064f48aefbe73c681
-
SSDEEP
393216:SIerHUFihoO/zvu76vng32jewXDTdgBqyReTDeAZQ:Snr0QoKzvLvnlmBhe3hQ
-
Creates new service(s)
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-