General
  Target:  be5474d737b94c741ce76684b75845789e955ed8e12fbc0da8c54a61ebb04d4e
  Size:    242KB
  Sample:  221025-nb75laceak
  MD5:     a67442221d98483f413b98d68212f0c2
  SHA1:    338245e81e18be00054f7e54b50991b14111cc54
  SHA256:  be5474d737b94c741ce76684b75845789e955ed8e12fbc0da8c54a61ebb04d4e
  SHA512:  e1d50612556f500d2f161979dd62487e83e19f8c474907f6dd6463bf09d044f954e432da17accde4a93e8b8d00a2cd11214674fb09c949d427f73ef685019a5c
  SSDEEP:  3072:OXsjgcJLEgEug/8dX5OGO6GeLd+b7+L35y2FnTT43MWboO:WncJLe/8eGfJvL35PFTTMoO

Static task
  static1

Malware Config
  Extracted: vidar
    55.2
    324
    https://t.me/slivetalks
    https://c.im/@xinibin420
    profile_id: 324

  Extracted: danabot
    49.0.50.0:57
    51.0.52.0:0
    53.0.54.0:1200
    55.0.56.0:65535
    embedded_hash: 569235DCA8F16ED8310BBACCB674F896
    type: loader

  Extracted: vidar
    55.2
    937
    https://t.me/slivetalks
    https://c.im/@xinibin420
    profile_id: 937

  Extracted: nymaim
    45.139.105.171
    85.31.46.167
Targets
  Target: be5474d737b94c741ce76684b75845789e955ed8e12fbc0da8c54a61ebb04d4e
  - Detects Smokeloader packer
  - Blocklisted process makes network request
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Deletes itself
  - Loads dropped DLL
  - Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.
  - Suspicious use of SetThreadContext