General
- Target: 1979b45e6cd2fdc1db57939d186c9f23709b89be5c5f6f67ba54ccc8c4127c29
- Size: 146KB
- Sample: 221006-afnd4agaa8
- MD5: e09370c4a77d442586d6f2f435d22f41
- SHA1: c1949719f1df204a296c89de420ff349f03ec2c2
- SHA256: 1979b45e6cd2fdc1db57939d186c9f23709b89be5c5f6f67ba54ccc8c4127c29
- SHA512: a9a31405dc4319f2ee577887755525a5b6b93cf2fd285ada281c3841da298a915b4ac1a6a6f1f41104cdd8268cc6cd7616fbd7f1448a7956f3017cb8f114bdaf
- SSDEEP: 3072:nCx28avhf8BQEg+259yA3mwye2EYwa5O:CRzZqyA3PyefYwC

Static task: static1
Malware Config
Extracted: vidar
- 54.9
- 1681
- https://t.me/larsenup
- https://ioc.exchange/@zebra54
- profile_id: 1681
Targets
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2