General

Target: be80b4e94a314d5a93ada9abaf4f7b80b7c097f2ce099076091c7286b22f22dd
Size: 256KB
Sample: 221026-b9ff1seeel
MD5: 2eee6fb1fee3f09ad9a6255d785513ec
SHA1: e64812a617692fd21567c814ad4c481b758b239a
SHA256: be80b4e94a314d5a93ada9abaf4f7b80b7c097f2ce099076091c7286b22f22dd
SHA512: e3bd4c8f7daf0931953a41f19d21cebf59fb02afc547671400a8bdc48a4a0b3d9b1c155491f263177b48c74a0053787ea0ba98936ef0ac9956e1f061db85c188
SSDEEP: 3072:dXKvuEyFLssiCLyZYwD+gRGQ8pgpWR+alsAMHuR4CdmD/Amk:ZkuE8LJtgYwD+3UuqAMO5u4F
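Before spending analysis time on a copy of this sample, confirm it is the file the report describes. The script below is an added example, not part of the report: it parses the flattened "label / value" listing exactly as it appears above into a dict, checks that the Target name is the SHA256 (how Tria.ge names a file), and compares a blob's MD5/SHA1/SHA256/SHA512 against the reported values. SSDEEP is a fuzzy hash that needs the separate ssdeep module, so it is parsed but not recomputed. The report text embedded in the code is the listing from this page; the empty-byte input used for the self-check is constructed.

```python
import hashlib

# The flattened 'General' listing as it appears in the report (copied from the page).
REPORT_TEXT = """
General
-
Target
be80b4e94a314d5a93ada9abaf4f7b80b7c097f2ce099076091c7286b22f22dd
-
Size
256KB
-
Sample
221026-b9ff1seeel
-
MD5
2eee6fb1fee3f09ad9a6255d785513ec
-
SHA1
e64812a617692fd21567c814ad4c481b758b239a
-
SHA256
be80b4e94a314d5a93ada9abaf4f7b80b7c097f2ce099076091c7286b22f22dd
-
SHA512
e3bd4c8f7daf0931953a41f19d21cebf59fb02afc547671400a8bdc48a4a0b3d9b1c155491f263177b48c74a0053787ea0ba98936ef0ac9956e1f061db85c188
-
SSDEEP
3072:dXKvuEyFLssiCLyZYwD+gRGQ8pgpWR+alsAMHuR4CdmD/Amk:ZkuE8LJtgYwD+3UuqAMO5u4F
"""

LABELS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def parse_report(text):
    """Pair each known label with the line that follows it; '-' separator lines are skipped."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    fields = {}
    i = 0
    while i < len(lines) - 1:
        if lines[i] in LABELS:
            fields[lines[i]] = lines[i + 1]
            i += 2
        else:
            i += 1
    return fields


def report_is_consistent(fields):
    """The Target name should equal the SHA256; a mismatch means the listing was mangled."""
    return fields.get("Target", "").lower() == fields.get("SHA256", "").lower()


def digests(data):
    """Compute the four fixed-size digests the report lists (SSDEEP is fuzzy, not recomputed here)."""
    return {name: hashlib.new(algo, data).hexdigest() for name, algo in HASH_ALGOS.items()}


def verify_sample(data, fields):
    """Return {algo: matched?} for every digest the report provides."""
    computed = digests(data)
    return {name: computed[name] == fields[name].lower() for name in computed if name in fields}


if __name__ == "__main__":
    import sys
    fields = parse_report(REPORT_TEXT)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:   # path to the local copy of the sample
            print(verify_sample(fh.read(), fields))
    else:
        print(fields, "consistent:", report_is_consistent(fields))
```

Run it with the path of your local copy as the only argument; every entry in the result must be True before the file is treated as this sample. A file that matches on size and MD5 but not SHA256 should be treated as a different file, not a near miss.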
Static task: static1

Malware Config

Extracted family: vidar
Version: 55.2
Botnet (profile_id): 937
C2: https://t.me/slivetalks
C2: https://c.im/@xinibin420

The two C2 entries are a Telegram channel and a Mastodon (c.im) profile page, not the exfiltration server itself: Vidar fetches a profile page like these and parses the live C2 address out of it. Treat them as dead-drop resolvers when building blocks or detections, and expect the real C2 host to change without the sample changing.
Targets

Target: be80b4e94a314d5a93ada9abaf4f7b80b7c097f2ce099076091c7286b22f22dd (256KB; the same file and digests listed under General)
Signatures

- Detects Smokeloader packer
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Note that the packer signature and the extracted config point at different families: the file is wrapped in a packer associated with Smokeloader, while the payload whose configuration was recovered is Vidar. Triage on the extracted config rather than on the packer match.
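The behavioural signatures above are the kind of rules a detection engineer reproduces over endpoint telemetry. The script below is an added example, not the sandbox's own signature code: it replays a constructed list of sandbox/Sysmon-like events (registry reads, file writes and reads, a network response, process creation, image loads) and emits the same signature names as the report. Two assumptions are labelled in the code: the report does not say which registry value carries the country code, so the rule looks at the Windows Geo\Nation key, and the wallet-path list is illustrative. The two static matches (the Smokeloader packer rule, which is YARA over the file) are out of scope for event replay.

```python
import re
from collections import defaultdict

# Constructed events in a generic sandbox/Sysmon-like shape (not taken from the report):
# op = what the process did, target = registry key, path, image or URL it touched.
EVENTS = [
    {"op": "reg_query",   "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "reg_enum",    "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"op": "file_read",   "target": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"op": "net_recv",    "target": "http://203.0.113.5/payload.bin", "data": b"MZ\x90\x00\x03"},
    {"op": "file_write",  "target": r"C:\Users\u\AppData\Local\Temp\payload.exe"},
    {"op": "file_write",  "target": r"C:\Windows\System32\drivers\etc\hosts"},
    {"op": "proc_create", "target": r"C:\Users\u\AppData\Local\Temp\payload.exe"},
    {"op": "file_write",  "target": r"C:\ProgramData\sqlite3.dll"},
    {"op": "image_load",  "target": r"C:\ProgramData\sqlite3.dll"},
    {"op": "proc_create", "target": r"C:\Windows\System32\cmd.exe"},   # not dropped by the sample: no hit
]

# Assumption: the report only says "country code configured in the registry";
# Geo\Nation is where Windows stores the configured country, so that is the key matched here.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Uninstall key enumeration is what the report's description names explicitly.
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
DRIVERS_DIR = re.compile(r"\\Windows\\System32\\drivers\\", re.I)
# Assumption: illustrative wallet locations; the report does not list which wallets were read.
WALLET_MARKERS = ("\\electrum\\", "\\exodus\\", "\\ethereum\\keystore", "\\wallet.dat")


def run_signatures(events):
    """Walk the events in order and return {signature name: [matching targets]}."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths the sample has written so far (for 'dropped' correlation)
    for ev in events:
        op, target = ev["op"], ev["target"]
        low = target.lower()
        if op in ("reg_query", "reg_enum"):
            if GEO_KEY.search(target):
                hits["Checks computer location settings"].append(target)
            if UNINSTALL_KEY.search(target):
                hits["Checks installed software on the system"].append(target)
        elif op == "file_write":
            dropped.add(low)
            if DRIVERS_DIR.search(target):
                hits["Drops file in Drivers directory"].append(target)
        elif op == "file_read":
            if any(marker in low for marker in WALLET_MARKERS):
                hits["Accesses cryptocurrency files/wallets"].append(target)
        elif op == "net_recv":
            # A PE image starts with the 'MZ' DOS header; that is all the sandbox rule needs.
            if ev.get("data", b"")[:2] == b"MZ":
                hits["Downloads MZ/PE file"].append(target)
        elif op == "proc_create":
            if low in dropped:
                hits["Executes dropped EXE"].append(target)
        elif op == "image_load":
            if low in dropped:
                hits["Loads dropped DLL"].append(target)
    return dict(hits)


if __name__ == "__main__":
    for name, targets in run_signatures(EVENTS).items():
        print(name)
        for t in targets:
            print("   ", t)
```

The "dropped" correlation is the part worth copying: "Executes dropped EXE" and "Loads dropped DLL" only fire when the executed or loaded path was written earlier by the same sample, which is why the final cmd.exe launch produces no hit. On real Sysmon data the same logic keys file-create events (Event ID 11) against process-create (Event ID 1) and image-load (Event ID 7) events by path.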