General

Target: b749c7a7fc44d1101a8e1c808c5f76be29df989820f2d11711c8d4004fb94d53
Size: 255KB
Sample: 221025-31elxaebg9
MD5: 94e5f022e5234b0cd13cdb8907af6551
SHA1: cbcad8bdd6b3404aa5aabf6f0a75a097b2fa953c
SHA256: b749c7a7fc44d1101a8e1c808c5f76be29df989820f2d11711c8d4004fb94d53
SHA512: 64e1721560bfc983d6a916ca129bcde3420d060fddefb42c210e672551f06a4eb6d4e7b3319a283530bd8c1af119e3ffaa999b34edb6dfc203a2aebf35836841
SSDEEP: 3072:YvXVBQYbL9SSsm7PtT0jR2tAcNjuNdR8WQ9q+0YXpTkVPP2EOqCnulyyMT:gU0LFt7PtTt9j+8WQ/n5Bnul3MT
Static task: static1

Malware Config

Extracted family: vidar
Version: 55.2
Botnet (profile_id): 937
C2: https://t.me/slivetalks
C2: https://c.im/@xinibin420

The two C2 entries are dead-drop resolvers: Vidar builds of this generation fetch the Telegram channel and the Mastodon profile at runtime and parse the real C2 address out of the page, so these URLs are where the sample goes to learn its C2, not the server it exfiltrates to. Both hosts are legitimate services, so any indicator derived from them must carry the full path, not the hostname alone.
Targets

Target: b749c7a7fc44d1101a8e1c808c5f76be29df989820f2d11711c8d4004fb94d53 (255KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures

- Detects Smokeloader packer (the outer packing layer; Vidar is commonly delivered as a SmokeLoader payload)
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry (HKCU\Control Panel\International\Geo), likely a geofence.
- Loads dropped DLL (Vidar fetches the DLL dependencies it needs to parse browser credential stores from its C2, so a downloaded PE followed by a loaded DLL is expected for this family)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
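As an added example that is not part of the sandbox report, the following Python takes the hashes and the two dead-drop C2 URLs from the report and checks a file's bytes and a batch of proxy log lines against them. The hashes and URLs are the report's; the proxy log layout and the sample log lines are constructed for the example and labelled as such in the code. The dead-drop pages are matched on host plus path rather than host alone, because t.me and c.im are legitimate services and a host-only indicator would flag every Telegram and Mastodon visit.

```python
"""IOC checks for the Vidar sample report above (added example, not sandbox output)."""
import hashlib
import re
from urllib.parse import urlsplit

# Hashes and dead-drop URLs copied from the report.
REPORT_HASHES = {
    "md5": "94e5f022e5234b0cd13cdb8907af6551",
    "sha1": "cbcad8bdd6b3404aa5aabf6f0a75a097b2fa953c",
    "sha256": "b749c7a7fc44d1101a8e1c808c5f76be29df989820f2d11711c8d4004fb94d53",
}
DEAD_DROP_URLS = {
    "https://t.me/slivetalks",
    "https://c.im/@xinibin420",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's bytes, keyed the same way as the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_sample(data: bytes) -> bool:
    """True when any digest of the data equals the report's digest of that kind."""
    digests = file_hashes(data)
    return any(digests[kind] == value for kind, value in REPORT_HASHES.items())


def normalise_url(url: str) -> tuple:
    """(host, path) with scheme, port, query and trailing slash dropped; host lower-cased."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/") or "/"
    return host, path


DEAD_DROP_KEYS = {normalise_url(u) for u in DEAD_DROP_URLS}

# Hypothetical proxy log layout assumed for this example:
# "<timestamp> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def find_dead_drop_hits(log_lines):
    """Return (client, url) pairs whose URL is one of the report's dead-drop pages.

    Matching is on host + path: host-only matching on t.me or c.im would flag
    every legitimate Telegram or Mastodon request.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        if normalise_url(m["url"]) in DEAD_DROP_KEYS:
            hits.append((m["client"], m["url"]))
    return hits


# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = [
    "2022-10-25T10:00:01Z 10.0.0.12 GET https://t.me/slivetalks 200",
    "2022-10-25T10:00:02Z 10.0.0.12 GET https://c.im/@xinibin420/ 200",
    "2022-10-25T10:00:03Z 10.0.0.13 GET https://t.me/some_other_channel 200",
    "2022-10-25T10:00:04Z 10.0.0.14 GET https://T.ME/slivetalks?x=1 200",
    "not a log line",
]

if __name__ == "__main__":
    for client, url in find_dead_drop_hits(SAMPLE_LOG):
        print(f"dead-drop fetch from {client}: {url}")
    # Constructed bytes, so this is expected to be False.
    print("matches report sample:", matches_report_sample(b"MZ\x90\x00 not the real sample"))
```

The hash check is exact-match only; the SSDEEP value in the report is the one to use for near-duplicate hunting, which needs the ssdeep library and is deliberately left out here.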