General
Target: e25d0dafe6f40b5620c8d8edc7584df2b16b52c2b977607263d314ba9b8afe0f
Size: 199KB
Sample: 210921-l9qbbshbd8
MD5: c096caa1f6363fecd58b62762f54dc79
SHA1: 9b2961b17a9fb17f4c4e0663417ec2087c63d6ab
SHA256: e25d0dafe6f40b5620c8d8edc7584df2b16b52c2b977607263d314ba9b8afe0f
SHA512: db533a091a758ee116bdeeceda08793b8641f9b5bc3baed847402395207b8762c8d90f0fd446bca1fa2299d4223addeb27a3c759bc120f158fb6d37da5b7fd96

Static task: static1

Malware Config
Extracted: smokeloader
2020
http://varmisende.com/upload/
http://fernandomayol.com/upload/
http://nextlytm.com/upload/
http://people4jan.com/upload/
http://asfaltwerk.com/upload/

Extracted: vidar
40.8
828
https://pavlovoler.tumblr.com/
profile_id: 828
Targets
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.