General
- Target: 989db8a6b5f4ba593d8f483ac12e47ba8129f056d62cd182bac7bb2572e18d48
- Size: 199KB
- Sample: 210921-lh8ctshae7
- MD5: 5c9a90c6299cc0f9a7d8390af5f98433
- SHA1: 7d9bab4d7ed6c8ccb79effc647772855acb4062f
- SHA256: 989db8a6b5f4ba593d8f483ac12e47ba8129f056d62cd182bac7bb2572e18d48
- SHA512: f9013d21c3a49b7391afaddda77a560c36e94f5e2d9f5e1e772e3aa9c7bfcc4e6d11736562f894f5a5ee2aea8cd86a18bf193436f2f0952d02dbe53f3fca62e8
Static task
- static1

Malware Config
Extracted
- smokeloader
- 2020
- http://varmisende.com/upload/
- http://fernandomayol.com/upload/
- http://nextlytm.com/upload/
- http://people4jan.com/upload/
- http://asfaltwerk.com/upload/
Extracted
- vidar
- 40.8
- 828
- https://pavlovoler.tumblr.com/
- profile_id: 828
Targets
- Target: 989db8a6b5f4ba593d8f483ac12e47ba8129f056d62cd182bac7bb2572e18d48
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.