General
Target: 280c314b18ddf2481c1173c653acf508262e0ad3dbf2dfa8b64f48d75bd10765.exe
Size: 3.2MB
Sample: 221019-3rzwgsdea8
MD5: d95bc24372683e79b6e64692fec36ce7
SHA1: e68f3e3bf13589534534775314f0a8d0c9ae260f
SHA256: 280c314b18ddf2481c1173c653acf508262e0ad3dbf2dfa8b64f48d75bd10765
SHA512: b50ee4aa5ba1800fa976913f737b539e1a4fba569d1543662d76ced51294dcb1a3e3be5c20af2991aecb362517294cec74c250de2d7393f6b58013ee71c2ea13
SSDEEP: 98304:xYqdUDZvPnnmRaR7TIndd4HNb3h30VVcCvLUBsKZ3yEE:xpYnKaRvInYtb3NevLUCKoEE
Static task: static1
Behavioral task: behavioral1
Sample: 280c314b18ddf2481c1173c653acf508262e0ad3dbf2dfa8b64f48d75bd10765.exe
Resource: win7-20220812-en
Malware Config
Extracted: nullmixer
  http://watira.xyz/
Extracted: vidar
  39.8
  706
  https://xeronxikxxx.tumblr.com/
  profile_id: 706
Extracted: vidar
  55
  1679
  http://138.201.90.120:80
  profile_id: 1679
Targets
Target: 280c314b18ddf2481c1173c653acf508262e0ad3dbf2dfa8b64f48d75bd10765.exe (size and hashes as listed under General)
- Detects Smokeloader packer
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.