General
- Target: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677
- Size: 804KB
- Sample: 240601-xb2r9acb68
- MD5: f72cedeb043278f63f9645424dbc36f5
- SHA1: 28a8be67a02280d90a97884d4d429edc8d8fada1
- SHA256: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677
- SHA512: f9b485ae582f37968339f753aca428f448c3f72bd92d4815fb831d23974f5e09ccec65cae4305e0f928acf68ef47d1f2215509ce0b35520f14006063934ce5d9
- SSDEEP: 24576:UfLDIhsWeIu7DjoEprmF1uBMznzcZ4ViSHKVcb1YEfBr:ufdRIeDjoElm/dH64ViSqqbDx
Static task
- static1

Behavioral task
- behavioral1
  - Sample: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677.exe
  - Resource: win10v2004-20240426-en

Behavioral task
- behavioral2
  - Sample: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677.exe
  - Resource: win11-20240419-en
Malware Config
- Extracted: smokeloader
- pub1
Targets
- Target: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677
- Size: 804KB
- MD5: f72cedeb043278f63f9645424dbc36f5
- SHA1: 28a8be67a02280d90a97884d4d429edc8d8fada1
- SHA256: c4cf60e7a1678f6deec1f8ec4f4ddeca41528854950f6ac21693f7a14ca04677
- SHA512: f9b485ae582f37968339f753aca428f448c3f72bd92d4815fb831d23974f5e09ccec65cae4305e0f928acf68ef47d1f2215509ce0b35520f14006063934ce5d9
- SSDEEP: 24576:UfLDIhsWeIu7DjoEprmF1uBMznzcZ4ViSHKVcb1YEfBr:ufdRIeDjoElm/dH64ViSqqbDx
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext