General
Target: abc7109516e6629fb52d086e176af676ab0c23e289a83b0aeb2bd9b04290b2d6
Size: 353KB
Sample: 210810-n85b7g8x26
MD5: 898e5d1f1b6d3a39c6273c6fdd891b28
SHA1: 179c74f3a2b7652cc170d4a670c2acae3d885690
SHA256: abc7109516e6629fb52d086e176af676ab0c23e289a83b0aeb2bd9b04290b2d6
SHA512: f70a79ff501f6310def15412f2b740c8f0e709c9db6629385ce8ddbc7eb71f518ef01c8cff53ecdec0617dbc3974fac62d1f3fb546b63d90e356ec27e46ca7d0
Static task: static1
Malware Config
Extracted: smokeloader
Version: 2020
C2: 6 URLs extracted from the sample configuration (list not reproduced here)
Extracted: vidar
Version: 40
Botnet: 828
C2: https://lenak513.tumblr.com/
profile_id: 828
Targets
Target: abc7109516e6629fb52d086e176af676ab0c23e289a83b0aeb2bd9b04290b2d6 (353KB; same MD5/SHA1/SHA256/SHA512 as listed under General)
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.