General
-
Target
sweetnessgoodforgreatnessthingswithgood.tIF.vbs
-
Size
219KB
-
Sample
250109-vqr59axmbq
-
MD5
8ccd875893cd23b67d7c61ea735f5c52
-
SHA1
6171c7dd4f67a67fff0ca151c7e9a06104e00def
-
SHA256
16328212055d6aa79c45b6624607f74b732b159db4c6cdf7d8e6835ebdc6e392
-
SHA512
3ceb06944fb1cb3f176e9163f761e3c2d97e72a9e0177f417d4a83e03f4b539fbcb2d7ebe53865a483cacdc8eaf16ce292245aed1cc60c207f7ca038ced07f31
-
SSDEEP
3072:A8gVmI3b0mgfmWu+ke9VOv5iG5sVhQ30Wk+70wgA1A:A8gVxe9VOvM
Static task
static1
Behavioral task
behavioral1
Sample
sweetnessgoodforgreatnessthingswithgood.tIF.vbs
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
sweetnessgoodforgreatnessthingswithgood.tIF.vbs
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://res.cloudinary.com/dnkr4s5yg/image/upload/v1735420882/givvuo2katk3jnggipgn.jpg%20
Targets
-
-
Target
sweetnessgoodforgreatnessthingswithgood.tIF.vbs
-
Score
10/10
-
Smokeloader family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-