General
Target: 323e2c782142c1ccb02e6d28779211eb520317fe73c4a.exe
Size: 345KB
Sample: 211022-xd4pmachgn
MD5: 9a74d5eab143394d5f7488c5ec0de4f4
SHA1: f32f0d695d48e4d8bc0f7f7521b9bc415a2c28b4
SHA256: 323e2c782142c1ccb02e6d28779211eb520317fe73c4a1931b4c07c00c88cb5f
SHA512: 72a3e7c1c021e11260760f78313953ce974a090cd1215df43196bd62d3c5df6f181c1b5e3a260a4a9eea1a55caa919a209a50b76fb58253d5863196d6b9754f6
Static task: static1
Behavioral task: behavioral1
Sample: 323e2c782142c1ccb02e6d28779211eb520317fe73c4a.exe
Resource: win7-en-20210920
Malware Config
Extracted
smokeloader
2020
Extracted
icedid
1875681804
enticationmetho.ink
Extracted
vidar
41.5
936
https://mas.to/@xeroxxx
profile_id: 936
Targets
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
- suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2