General

Target: 33CBD9E39DD39A84D0426897605B17000046E0FB14399.exe
Size: 4.0MB
Sample: 211112-t4bjzsdha6
MD5: 71bc63e722d597e42e4ac2bd95a72ece
SHA1: 23a8f42cb0de7b2dab66ec53ba2d755b5a4d896a
SHA256: 33cbd9e39dd39a84d0426897605b17000046e0fb14399e9d0bf47b55c0e3ad8b
SHA512: 52593a1450baa97d9e865ea24dfc21d0794025312c6b119e31f4a747bc67042be20932ad9b9ff8ba49b9e8ccce59c2f933a2cbdf02eb441bcd39c3ea3b24444f
Static task: static1

Behavioral task: behavioral1
  Sample: 33CBD9E39DD39A84D0426897605B17000046E0FB14399.exe
  Resource: win7-en-20211104

Behavioral task: behavioral2
  Sample: 33CBD9E39DD39A84D0426897605B17000046E0FB14399.exe
  Resource: win10-en-20211014
Malware Config

Extracted: vidar
  Version: 40.2
  Profile ID: 706
  C2: https://kipriauka.tumblr.com/

Extracted: smokeloader
  Version: 2020
  C2: http://misha.at/upload/
  C2: http://roohaniinfra.com/upload/
  C2: http://0axqpcc.cn/upload/
  C2: http://mayak-lombard.ru/upload/
  C2: http://mebel-lass.ru/upload/
  C2: http://dishakhan.com/upload/

Extracted: vidar
  Version: 48.3
  Profile ID: 937
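The C2 URLs in the extracted configs are the actionable part of this report, but they are not all equal: the SmokeLoader hosts are dedicated C2 and can be blocked outright, while the Vidar profile sits on tumblr.com, which the report flags as a legitimate hosting service being abused, so only the exact attacker FQDN should be matched. The Python below is an added example, not part of the report or of any sandbox tooling: it parses the three "Extracted" blocks as they appear above, matches constructed proxy-log lines against the C2 hostnames with family attribution, and splits the hosts into a blocklist and a watch list. The proxy log format, the sample log lines, and the choice to treat tumblr.com as shared hosting are assumptions.

```python
"""Turn the C2 indicators extracted in the sandbox report into a proxy-log
matcher. Added example; not part of the original report. The log lines are
constructed to exercise the matcher."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# The "Extracted" malware-config blocks, copied from the report.
EXTRACTED_CONFIG = """\
Extracted
vidar
40.2
706
https://kipriauka.tumblr.com/
Extracted
smokeloader
2020
http://misha.at/upload/
http://roohaniinfra.com/upload/
http://0axqpcc.cn/upload/
http://mayak-lombard.ru/upload/
http://mebel-lass.ru/upload/
http://dishakhan.com/upload/
Extracted
vidar
48.3
937
"""

# Registrable domains hosting many unrelated tenants. Blocking these wholesale
# would flag every other blog, so only the exact attacker FQDN is acted on.
# (Assumption, based on the report's "Legitimate hosting services abused" signature.)
SHARED_HOSTING_DOMAINS = {"tumblr.com"}


@dataclass(frozen=True)
class Indicator:
    family: str
    version: str
    url: str
    host: str  # full hostname, lower-cased
    shared_hosting: bool


def is_shared_hosting(host):
    return any(host == d or host.endswith("." + d) for d in SHARED_HOSTING_DOMAINS)


def parse_extracted(text):
    """Parse flattened 'Extracted' blocks: 'Extracted', family, version,
    an optional numeric profile id, then zero or more C2 URLs. A block with
    no URL (the Vidar 48.3 / 937 one) yields no indicators."""
    indicators = []
    family = version = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "Extracted":
            family = version = None
        elif family is None:
            family = line
        elif version is None:
            version = line
        elif line.isdigit():
            continue  # profile_id, not a network indicator
        else:
            parts = urlsplit(line)
            if parts.scheme in ("http", "https") and parts.hostname:
                host = parts.hostname.lower()
                indicators.append(Indicator(family, version, line, host, is_shared_hosting(host)))
    return indicators


# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = [
    "2021-11-12T10:01:02Z 10.0.0.15 POST http://misha.at/upload/ 200",
    "2021-11-12T10:01:05Z 10.0.0.15 GET https://kipriauka.tumblr.com/ 200",
    "2021-11-12T10:01:07Z 10.0.0.22 GET https://staff.tumblr.com/ 200",
    "2021-11-12T10:01:09Z 10.0.0.15 POST http://0axqpcc.cn/upload/ 404",
    "2021-11-12T10:02:00Z 10.0.0.31 GET https://www.example.com/ 200",
]

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def match_log(lines, indicators):
    """Return (timestamp, client, family, version, url) for every request whose
    hostname exactly equals an extracted C2 hostname. Unparseable lines are
    skipped rather than raising, as a log scanner should."""
    by_host = {}
    for ind in indicators:
        by_host.setdefault(ind.host, []).append(ind)
    hits = []
    for raw in lines:
        m = LOG_RE.match(raw)
        if not m:
            continue
        host = (urlsplit(m["url"]).hostname or "").lower()
        for ind in by_host.get(host, []):
            hits.append((m["ts"], m["client"], ind.family, ind.version, m["url"]))
    return hits


def blocklist(indicators):
    """Split hosts into dedicated C2 (safe for a DNS/proxy blocklist) and
    shared-hosting FQDNs that need URL-level handling, because a sinkhole on
    the parent domain would break the legitimate service."""
    dedicated = sorted({i.host for i in indicators if not i.shared_hosting})
    shared = sorted({i.host for i in indicators if i.shared_hosting})
    return dedicated, shared


if __name__ == "__main__":
    inds = parse_extracted(EXTRACTED_CONFIG)
    for hit in match_log(SAMPLE_LOG, inds):
        print(*hit)
    print(blocklist(inds))
```

Matching is on the full hostname rather than the registrable domain on purpose: staff.tumblr.com in the sample log produces no hit, while the attacker's kipriauka.tumblr.com does. Any request to a dedicated SmokeLoader host is reported, not just the /upload/ gate, since the host itself is the indicator.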
Targets

Target: 33CBD9E39DD39A84D0426897605B17000046E0FB14399.exe
Size: 4.0MB
MD5: 71bc63e722d597e42e4ac2bd95a72ece
SHA1: 23a8f42cb0de7b2dab66ec53ba2d755b5a4d896a
SHA256: 33cbd9e39dd39a84d0426897605b17000046e0fb14399e9d0bf47b55c0e3ad8b
SHA512: 52593a1450baa97d9e865ea24dfc21d0794025312c6b119e31f4a747bc67042be20932ad9b9ff8ba49b9e8ccce59c2f933a2cbdf02eb441bcd39c3ea3b24444f
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: uses a legitimate geolocation service to find the infected system's geolocation.