General
-
Target
0aae81097ced637ea1154e678d97e240c383ecba268d215146032e35154723c9
-
Size
272KB
-
Sample
221005-1bzvfafhhp
-
MD5
df6289ebc7374f7a002bfc9af23eb0f4
-
SHA1
dc054153917c246b3a33f8bfb6b2c8e9c31e0166
-
SHA256
0aae81097ced637ea1154e678d97e240c383ecba268d215146032e35154723c9
-
SHA512
9e81503298744eae0c3c8f36338647d71f94592daf13175df43d44177fbb680e70595fbefdb37f2b23dbe96dad6e6ca909ac3f2bcfd8f5e1772f60ba7b8dadd8
-
SSDEEP
6144:g+if3L6bVchcNBbsMQzgEURuzbgwuq7jgfwVfUU:gHubVRNlsMigEWunnx7wU
Static task
static1
Malware Config
Extracted
Family
vidar
Version
54.9
Botnet
1681
C2
https://t.me/larsenup
https://ioc.exchange/@zebra54
-
profile_id
1681
-
The two URLs are dead-drop resolver profiles (a Telegram channel and a Mastodon account) that Vidar fetches to read the current C2 address; they are not the C2 itself. profile_id 1681 identifies the operator's stealer configuration on the C2 side.
Targets
-
Target
0aae81097ced637ea1154e678d97e240c383ecba268d215146032e35154723c9
-
Detects Smokeloader packer
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
The Telegram and Mastodon profile URLs in the extracted config are used as dead-drop resolvers for the real C2 address.
-
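The three behavioural signatures above (country-code lookup, Uninstall-key enumeration, wallet file access) can be turned into host-based detection logic. The following is an added example written for this page, not code from the sandbox or from the Vidar sample. It runs over a constructed, simplified event log (the `KIND|pid|image|target` line format and the sample lines are hypothetical, not a real sensor's schema) and flags a process only once it has touched the corresponding artifacts. The registry paths are the real locations (`HKCU\Control Panel\International\Geo\Nation` holds the GeoID the geofence signature refers to; subkeys under `...\CurrentVersion\Uninstall` are the installed-software entries); the wallet directories are a representative subset, not an exhaustive list.

```python
import re
from collections import defaultdict

# Artifacts behind the sandbox signatures. Compared lower-case because
# registry and NTFS paths are case-insensitive.
GEO_KEY = r"\control panel\international\geo\nation"          # GeoID (country) of the user
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall\\"  # also matches the WOW6432Node view
WALLET_DIRS = (                                                 # representative subset only
    r"\appdata\roaming\electrum\wallets",
    r"\appdata\roaming\exodus",
    r"\appdata\roaming\ethereum\keystore",
    r"\appdata\roaming\bitcoin\wallets",
)
UNINSTALL_THRESHOLD = 5  # distinct Uninstall subkeys read before the pattern counts as enumeration

# Constructed event format (hypothetical): KIND|pid|image|target, KIND is REG or FILE.
EVENT_RE = re.compile(r"^(?P<kind>REG|FILE)\|(?P<pid>\d+)\|(?P<image>[^|]+)\|(?P<target>.+)$")


def parse_event(line):
    """Parse one log line; return None for lines that do not match the format."""
    m = EVENT_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["pid"] = int(ev["pid"])
    ev["target"] = ev["target"].lower()
    return ev


def classify(lines):
    """Return {pid: sorted list of signature names} for processes that match."""
    hits = defaultdict(set)
    uninstall_subkeys = defaultdict(set)  # per-pid set of distinct Uninstall entries read
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        pid, tgt = ev["pid"], ev["target"]
        if ev["kind"] == "REG":
            if GEO_KEY in tgt:
                hits[pid].add("checks_computer_location")
            idx = tgt.find(UNINSTALL_KEY)
            if idx != -1:
                subkey = tgt[idx + len(UNINSTALL_KEY):].split("\\")[0]
                if subkey:
                    uninstall_subkeys[pid].add(subkey)
                if len(uninstall_subkeys[pid]) >= UNINSTALL_THRESHOLD:
                    hits[pid].add("checks_installed_software")
        elif ev["kind"] == "FILE":
            if any(w in tgt for w in WALLET_DIRS):
                hits[pid].add("accesses_cryptocurrency_wallets")
    return {pid: sorted(sigs) for pid, sigs in hits.items()}


# Constructed sample log: pid 4120 behaves like the report's sample,
# pid 880 is a benign process that reads a single Uninstall entry.
SAMPLE_EVENTS = [
    r"REG|4120|C:\Users\victim\AppData\Local\Temp\sample.exe|HKCU\Control Panel\International\Geo\Nation",
    r"REG|4120|C:\Users\victim\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"REG|4120|C:\Users\victim\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome",
    r"REG|4120|C:\Users\victim\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox",
    r"REG|4120|C:\Users\victim\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
    r"REG|4120|C:\Users\victim\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player",
    r"REG|4120|C:\Users\victim\AppData\Local\Temp\sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR",
    r"FILE|4120|C:\Users\victim\AppData\Local\Temp\sample.exe|C:\Users\victim\AppData\Roaming\Electrum\wallets\default_wallet",
    r"REG|880|C:\Windows\explorer.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"FILE|880|C:\Windows\explorer.exe|C:\Users\victim\Documents\notes.txt",
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    for pid, sigs in classify(SAMPLE_EVENTS).items():
        print(pid, ", ".join(sigs))
```

The Uninstall threshold is what keeps this from firing on ordinary software (installers and update agents read one or two entries); a stealer reading the key walks every subkey, so a distinct-subkey count is a better discriminator than a single access. The GeoID lookup on its own is also common in benign code, so in production the location check is best weighted as supporting evidence for the other two rather than alerted on alone.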