General
Target: 41be60fd94f911302f2e1831b9be47fe67cec232d6b0c6e2947be3ac2589f3c4
Size: 88KB
Sample: 240726-cl8nbsshnd
MD5: a3b5ab95ee1befb7a131f2ddd20f96b1
SHA1: 792d69f6188d20b2a9e8edbd72c6862049d65812
SHA256: 41be60fd94f911302f2e1831b9be47fe67cec232d6b0c6e2947be3ac2589f3c4
SHA512: 4f2a580152c9d24b3ee5f005d80449fab40271bac610df72cb4bc818eb96ed2e28b54ac2ba67ac497babd0110a411468d2a2c49a95bac251b1a4fe221a9b0843
SSDEEP: 1536:o2Jf5bXpmpaHM3aRHW5Uw2v9j/ZKeAMJKb7fKXkX3m2DDYpM6R:tbXpmpaHMq8IvNRKeAMJMf6kX3m2DDO
Static task
static1
Behavioral task
behavioral1
Sample
be1c79275d836696a00b258d15a8b337a8c9beb8198a5bd3d5aaf64d660c8005.exe
Resource
win7-20240704-en
Malware Config
Extracted
smokeloader
pub1
Targets
Target: be1c79275d836696a00b258d15a8b337a8c9beb8198a5bd3d5aaf64d660c8005.exe
Size: 241KB
MD5: 1d71d802fb38181c29a9844716b11ab2
SHA1: 9039f711a6d9f709329a80176a2dd4db023e9188
SHA256: be1c79275d836696a00b258d15a8b337a8c9beb8198a5bd3d5aaf64d660c8005
SHA512: daa43a543385efac11534c9646859373667c954448eb3ac9f0ed533777c3218c78a9e8c7710d38cdfb6898faf358a3db19212f2ff9aff002d3f625e9ab348062
SSDEEP: 3072:8bKK0udcEAuWCFKmWi6SGF5HsFbzkGCH:uxCERWThJstF
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext