General
- Target: ade97ee2d8365bac817b0ce3c933cd8d.exe
- Size: 408KB
- Sample: 211022-xdjpfscac8
- MD5: ade97ee2d8365bac817b0ce3c933cd8d
- SHA1: 3c01c46b6f14a5e752b78c7bd7916cfea7cb81ef
- SHA256: 8d5b572415a417017f3cac4151ee47381999a7826c09553160512310314aec68
- SHA512: 77e5d1c56ce91c9650b6c5aa70b7d887214aa4a5228fbc31a283ea6f2900dbdbfa4e84dcd5051f58023f4e369dbe0050c23970daf7ea284ae0d9d72910706d13
Static task
- static1
Behavioral task
- behavioral1
- Sample: ade97ee2d8365bac817b0ce3c933cd8d.exe
- Resource: win7-en-20210920
Malware Config
Extracted
- Family: smokeloader
- Version: 2020
- C2:
  http://directorycart.com/upload/
  http://tierzahnarzt.at/upload/
  http://streetofcards.com/upload/
  http://ycdfzd.com/upload/
  http://successcoachceo.com/upload/
  http://uhvu.cn/upload/
  http://japanarticle.com/upload/
Extracted
- Family: icedid
- Campaign: 1875681804
- C2: enticationmetho.ink
Extracted
- Family: vidar
- Version: 41.5
- Botnet: 936
- C2: https://mas.to/@xeroxxx
- profile_id: 936
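The extracted configs above are only useful once they are turned into something that can be matched against traffic. The script below is an added example, not part of the sandbox report: it builds a match set from the three configs and runs it over constructed proxy-log lines. The log format (`epoch client method url`), the `SHARED_SERVICES` list and the helper names are assumptions of this example. It treats the Vidar entry differently from the others, because mas.to is a public Mastodon instance that the stealer only uses to look up its real C2, so the host alone is not an indicator; the SmokeLoader and IcedID hosts are matched outright, including subdomains.

```python
"""IOC handling for the extracted configs (added example, not part of the
sandbox report). Builds a match set from the C2 entries and scans
constructed proxy-log lines; the log format, SHARED_SERVICES and the
helper names are assumptions of this example."""
from urllib.parse import urlsplit

# C2 endpoints as listed in the report's extracted configs.
C2_CONFIG = {
    "smokeloader": [
        "http://directorycart.com/upload/",
        "http://tierzahnarzt.at/upload/",
        "http://streetofcards.com/upload/",
        "http://ycdfzd.com/upload/",
        "http://successcoachceo.com/upload/",
        "http://uhvu.cn/upload/",
        "http://japanarticle.com/upload/",
    ],
    "icedid": ["enticationmetho.ink"],
    "vidar": ["https://mas.to/@xeroxxx"],
}

# Legitimate shared services abused as a dead-drop resolver: Vidar reads a
# profile page on mas.to to learn its real C2, so the whole host must not be
# blocked. Match host + path for these instead (list is an assumption here).
SHARED_SERVICES = {"mas.to"}


def build_iocs(config):
    """Return (hosts, prefixes): hostnames to match outright, and
    (host, path) pairs for hosts that belong to shared services."""
    hosts, prefixes = set(), set()
    for entries in config.values():
        for entry in entries:
            # Bare domains (IcedID style) carry no scheme; give urlsplit a netloc.
            parts = urlsplit(entry if "://" in entry else "//" + entry)
            host = parts.hostname.lower()
            if host in SHARED_SERVICES:
                prefixes.add((host, parts.path))
            else:
                hosts.add(host)
    return hosts, prefixes


def match_url(url, hosts, prefixes):
    """Return the IOC a URL matches (a host including its subdomains, or
    host+path for a shared service), or None if it matches nothing."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for ioc in hosts:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    for ioc_host, path in prefixes:
        if host == ioc_host and parts.path.startswith(path):
            return ioc_host + path
    return None


def scan_log(log_text, config=C2_CONFIG):
    """Return [(client_ip, url, ioc)] for every log line that hits an IOC."""
    hosts, prefixes = build_iocs(config)
    hits = []
    for line in log_text.strip().splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip it rather than abort the scan
        ioc = match_url(fields[3], hosts, prefixes)
        if ioc:
            hits.append((fields[1], fields[3], ioc))
    return hits


# Constructed proxy log for the example; not traffic captured from the sample.
SAMPLE_LOG = """
1634900001 10.0.0.5 GET http://directorycart.com/upload/
1634900002 10.0.0.5 GET https://mas.to/@someone_else
1634900003 10.0.0.5 GET https://mas.to/@xeroxxx
1634900004 10.0.0.7 POST http://www.enticationmetho.ink/
1634900005 10.0.0.9 GET https://example.org/
"""

if __name__ == "__main__":
    for client, url, ioc in scan_log(SAMPLE_LOG):
        print(f"{client} -> {url}  matched {ioc}")
```

Running it on the constructed log flags the SmokeLoader and IcedID requests and the specific Vidar profile, but not the unrelated mas.to profile or example.org. The SmokeLoader hosts all share the `/upload/` path, so a path-only rule would be too broad; the host is the discriminating part for those entries.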
Targets
- Target: ade97ee2d8365bac817b0ce3c933cd8d.exe
- Size: 408KB
- MD5: ade97ee2d8365bac817b0ce3c933cd8d
- SHA1: 3c01c46b6f14a5e752b78c7bd7916cfea7cb81ef
- SHA256: 8d5b572415a417017f3cac4151ee47381999a7826c09553160512310314aec68
- SHA512: 77e5d1c56ce91c9650b6c5aa70b7d887214aa4a5228fbc31a283ea6f2900dbdbfa4e84dcd5051f58023f4e369dbe0050c23970daf7ea284ae0d9d72910706d13
Signatures
- ACProtect 1.3x - 1.4x DLL software
  Detects a file packed with ACProtect.
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node view) to enumerate the software installed on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
  The Vidar config points at a profile on mas.to, a public Mastodon instance, which the stealer reads to find its actual C2 address. The host itself is not malicious, so detection and blocking should key on the full profile URL rather than the domain.
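The three host-profiling and credential-access signatures (Uninstall key enumeration, drive enumeration, wallet file access) are the kind of behaviour that can also be checked outside the sandbox from an API-call trace. The following is an added example and not the sandbox's own rule code: it re-implements those three checks over a constructed trace. The trace format (one `api|first argument` record per line), the wallet path markers, the list of drive-probing APIs and the call threshold are assumptions of this example.

```python
"""Re-implementation, as an added example (not the sandbox's own rules), of
three behaviour signatures as checks over an API-call trace. The trace
format, wallet path markers, DRIVE_APIS and the threshold are assumptions."""
import re

# Software inventory: Uninstall keys under the native and WOW6432Node views.
UNINSTALL_KEY = re.compile(
    r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)
# A bare drive root such as D:\ (C:\ is excluded below, as in the signature).
DRIVE_ROOT = re.compile(r"^[A-Z]:\\$", re.IGNORECASE)
DRIVE_APIS = {"GetDriveTypeW", "GetVolumeInformationW", "CreateFileW", "FindFirstFileW"}
# Wallet locations commonly targeted by stealers (assumed list for this example).
WALLET_PATH_MARKERS = ("\\electrum\\wallets", "\\exodus\\", "\\ethereum\\keystore")
MIN_UNINSTALL_CALLS = 3  # threshold chosen for this example


def analyse(trace):
    """Return which behaviours the trace exhibits, together with the evidence."""
    uninstall_calls = 0
    drives = set()
    wallet_files = []
    for line in trace.strip().splitlines():
        api, _, arg = line.partition("|")
        if api.startswith(("RegOpenKey", "RegEnumKey", "RegQueryValue")) and UNINSTALL_KEY.match(arg):
            uninstall_calls += 1
        elif api in DRIVE_APIS and DRIVE_ROOT.match(arg):
            if arg.upper() != "C:\\":  # the system drive is expected; other roots are the signal
                drives.add(arg.upper())
        elif api == "CreateFileW" and any(m in arg.lower() for m in WALLET_PATH_MARKERS):
            wallet_files.append(arg)
    return {
        "checks_installed_software": uninstall_calls >= MIN_UNINSTALL_CALLS,
        "uninstall_calls": uninstall_calls,
        "enumerates_connected_drives": bool(drives),
        "drives": drives,
        "accesses_wallets": bool(wallet_files),
        "wallet_files": wallet_files,
    }


# Constructed trace for the example; not the sample's actual API log.
SAMPLE_TRACE = r"""
RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player
RegOpenKeyExW|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
RegOpenKeyExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
GetDriveTypeW|C:\
GetDriveTypeW|D:\
CreateFileW|E:\
CreateFileW|C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet
CreateFileW|C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco
CreateFileW|C:\Users\Admin\Documents\notes.txt
"""

if __name__ == "__main__":
    for name, value in analyse(SAMPLE_TRACE).items():
        print(f"{name}: {value}")
```

The threshold on Uninstall key calls exists because a single lookup of one product's key is normal installer behaviour; walking the whole key is the inventory pattern the signature describes. Excluding C:\ from the drive check mirrors the signature text: touching the system drive root says nothing, touching every other root is how a stealer finds removable and secondary volumes to harvest.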