General

Target: 1e89ad1b57f362b2c08cb2a73bb0cb0cc59b1a80d992a7f7f730a564e659d6bb
Size: 255KB
Sample: 221025-2xfjcsebb6
MD5: f7826309fa064e57808cbfb952c1e03d
SHA1: bf3667f8a8a513e61f27204e17ff8cdc53bab9ee
SHA256: 1e89ad1b57f362b2c08cb2a73bb0cb0cc59b1a80d992a7f7f730a564e659d6bb
SHA512: 6379528a3e2608c6544df4d7339c1e52812a65a6d3cf6d0786fc89b873813f2d3496abd02a4a2ac9b68f51058591c72addb88adcca8fbacc4d0ebe3344216f7d
SSDEEP: 3072:sxXVUQYbL9SSsm7PtTUjR2n/1c9S2VWGQTnWhe2JRv0mTbQ9HsT:GT0LFt7PtTNWS2YGQ7WlTv0m2MT
Static task: static1

Malware Config

Extracted family: vidar
Version: 55.2
Profile ID: 937
C2: https://t.me/slivetalks
C2: https://c.im/@xinibin420

Note: Vidar uses Telegram channel and Mastodon profile pages such as these as dead-drop resolvers; the operational C2 address is parsed out of the profile text at runtime. These two URLs therefore identify the campaign, but they are not the host the stolen data is exfiltrated to, and blocking them alone does not cover the payload traffic.
Targets

Target: 1e89ad1b57f362b2c08cb2a73bb0cb0cc59b1a80d992a7f7f730a564e659d6bb
Signatures

- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
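As an added example (not part of the sandbox report and not code from the Vidar family), the following Python turns the indicators above into checks a responder can run offline: a hash comparison against the reported digests, matching of the two dead-drop URLs in proxy telemetry, and heuristics for the "Checks installed software" and "Deletes itself" behaviours. The event schema (type/image/key/url/cmdline/parent_image), the list of user-writable directories, the enumeration threshold and the `timeout ... & del` self-deletion pattern are assumptions made for this example; the telemetry is constructed.

```python
import hashlib
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "f7826309fa064e57808cbfb952c1e03d",
    "sha1": "bf3667f8a8a513e61f27204e17ff8cdc53bab9ee",
    "sha256": "1e89ad1b57f362b2c08cb2a73bb0cb0cc59b1a80d992a7f7f730a564e659d6bb",
    "sha512": "6379528a3e2608c6544df4d7339c1e52812a65a6d3cf6d0786fc89b873813f2d"
              "3496abd02a4a2ac9b68f51058591c72addb88adcca8fbacc4d0ebe3344216f7d",
}
DEAD_DROP_URLS = {"https://t.me/slivetalks", "https://c.im/@xinibin420"}

# Registry path behind the "Checks installed software" signature (32- and 64-bit views).
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)
# Assumption: a dropped second stage runs from a user-writable directory.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Temp|AppData\\Local|AppData\\Roaming|ProgramData)\\", re.IGNORECASE)
# Assumption: reading several distinct Uninstall subkeys looks like an inventory, one does not.
ENUM_THRESHOLD = 3
# Assumption: self-deletion via a delayed cmd.exe delete of the parent's own path.
SELF_DELETE_RE = re.compile(r"\btimeout\b.*\b(?:del|rd|rmdir|erase)\b", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed like REPORT_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report_sample(data: bytes) -> bool:
    """True only if every digest equals the one in the report."""
    return hash_bytes(data) == REPORT_HASHES


def normalize_url(url: str) -> str:
    return url.strip().lower().rstrip("/")


def scan_events(events):
    """Return (rule, image, detail) tuples for events matching the report's behaviours."""
    dead_drops = {normalize_url(u) for u in DEAD_DROP_URLS}
    findings = []
    uninstall_reads = {}  # image -> set of distinct Uninstall subkeys read
    for ev in events:
        kind = ev.get("type")
        if kind == "net" and normalize_url(ev["url"]) in dead_drops:
            findings.append(("vidar_dead_drop_contact", ev["image"], ev["url"]))
        elif kind == "registry" and UNINSTALL_KEY_RE.search(ev["key"]):
            uninstall_reads.setdefault(ev["image"], set()).add(ev["key"])
        elif kind == "process":
            cmd, parent = ev.get("cmdline", ""), ev.get("parent_image", "")
            if parent and SELF_DELETE_RE.search(cmd) and parent.lower() in cmd.lower():
                findings.append(("self_deletion_via_cmd", parent, cmd))
    for image, keys in uninstall_reads.items():
        if len(keys) >= ENUM_THRESHOLD and USER_WRITABLE_RE.search(image):
            findings.append(("software_enumeration_from_dropped_exe", image,
                             f"{len(keys)} Uninstall subkeys read"))
    return findings


# Constructed telemetry for the example; not taken from the report.
DROPPED = r"C:\Users\u\AppData\Local\Temp\b2e5.exe"
SAMPLE_EVENTS = [
    {"type": "process", "image": DROPPED, "parent_image": r"C:\Users\u\Downloads\setup.exe",
     "cmdline": DROPPED},
    {"type": "net", "image": DROPPED, "url": "https://t.me/slivetalks"},
    {"type": "net", "image": DROPPED, "url": "https://c.im/@xinibin420"},
    {"type": "registry", "image": DROPPED,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "registry", "image": DROPPED,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"type": "registry", "image": DROPPED,
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2}"},
    # Benign: a single Uninstall read by a system binary should not fire.
    {"type": "registry", "image": r"C:\Windows\explorer.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe", "parent_image": DROPPED,
     "cmdline": f'cmd.exe /c timeout /t 6 & del /f /q "{DROPPED}" & exit'},
    # Benign: another Telegram URL is not one of the report's indicators.
    {"type": "net", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "url": "https://t.me/s/someotherchannel"},
]

if __name__ == "__main__":
    for rule, image, detail in scan_events(SAMPLE_EVENTS):
        print(f"{rule:40} {image}  {detail}")
```

The enumeration rule is deliberately scoped to processes running from user-writable paths: installers and inventory agents read the same Uninstall keys legitimately, so the key path alone is a poor signal. The dead-drop match is exact by design; widen it to the `t.me` and `c.im` hosts only if your environment does not use Telegram or Mastodon at all.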