General
Target: aba228d167cbabe85ed94101c53d367bdd423d3fa84b977f4629c528912b0220.exe
Size: 735KB
Sample: 240523-r5zxvseg8s
MD5: fb9c4b9a277d1bec79c5d72eb92048ae
SHA1: cef6d340e836b1deb4be733e67273d1a9a328a35
SHA256: aba228d167cbabe85ed94101c53d367bdd423d3fa84b977f4629c528912b0220
SHA512: f5b1dd2da2d2417c7f54f339cb4a8ad8ffb099e758ec4521a1781507e9d71a166ea967ca425e1cf735c5b8aee7a207a98265a67e4067ab8a3bccc232f3d365d8
SSDEEP: 12288:ZFs228hxeGgy74QrVA2s/gUZj9yypbStAbQwxTnrmyP6iWOFhLKXMht7numB6804:s2/TD4QrsgYRyyItAHrmyfT3mCnT6804
Static task: static1
Behavioral task: behavioral1
Sample: aba228d167cbabe85ed94101c53d367bdd423d3fa84b977f4629c528912b0220.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: aba228d167cbabe85ed94101c53d367bdd423d3fa84b977f4629c528912b0220.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted: smokeloader (2022)
  http://bipto.org/tmp/index.php
  http://jobresurs.ru/tmp/index.php
  http://tonybabb.com/tmp/index.php
Extracted: smokeloader (pub2)
Targets
Target: aba228d167cbabe85ed94101c53d367bdd423d3fa84b977f4629c528912b0220.exe
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext