General
-
Target
9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8
-
Size
726KB
-
Sample
240519-gflzlada5z
-
MD5
8e0d41311b2270061c6bcd1e69600f0a
-
SHA1
f7089dc2c43021c3619737b50d59681569a4b220
-
SHA256
9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8
-
SHA512
668e7c567584192a780a6ca798335e4d17717aac777e324f3ca3a17f9d368afd509c1a28400cdf56d8a2d15fd6b5d528f32c714d8aa5b740641d6a66dfc7ce48
-
SSDEEP
12288:jjp2zZNUptE4Nqfzqk8Bx9SMb5EPL86xImlKk4jue3p+JJD4b/YiFfDBKNcXDaTh:4zZNUptE4MfGk8B35286+k4p+JaYiZVS
Static task
static1
Behavioral task
behavioral1
Sample
9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8.exe
Resource
win11-20240419-en
Malware Config
Extracted
smokeloader
pub1
Targets
-
-
Target
9719eb8b2eca4197d63e09c1939144931ca6485338baee6b281ee2745c1793c8
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-