General
- Target: A6A0C59A5F4C53AC5DF74AAE93D700CF287A370505D81.exe
- Size: 2.3MB
- Sample: 211001-bqnnaaaffn
- MD5: 8e0d32c0195d67c5b2df608595e25992
- SHA1: 6b7e16ea79f90cdfe3560ade2d4a512231ae11a7
- SHA256: a6a0c59a5f4c53ac5df74aae93d700cf287a370505d815b1bc26b006163d9bd7
- SHA512: 3efea612a8e55f004e4f9b7698e375c962b4a4ccaef47e1ea93e71f5ffac8a144d3e3af95b4633e1fec24a3b31ce7b698864a3ba2a54a1f16a15d6d5af96f8a9
Static task
- static1
Behavioral task
- behavioral1
  - Sample: A6A0C59A5F4C53AC5DF74AAE93D700CF287A370505D81.exe
  - Resource: win7-en-20210920
Malware Config
Extracted
- Family: smokeloader
- Version: 2020
- C2:
  - http://varmisende.com/upload/
  - http://fernandomayol.com/upload/
  - http://nextlytm.com/upload/
  - http://people4jan.com/upload/
  - http://asfaltwerk.com/upload/
Extracted
- Family: vidar
- Version: 40.1
- Botnet: 706
- C2: https://eduarroma.tumblr.com/
- profile_id: 706
Extracted
- Family: vidar
- Version: 41.1
- Botnet: 1028
- C2: https://mas.to/@bardak1ho
- profile_id: 1028
Targets
- Target: A6A0C59A5F4C53AC5DF74AAE93D700CF287A370505D81.exe
- Suspicious use of NtCreateProcessExOtherParentProcess
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.