General
- Target: 4b27dec0a98360e6db50598a83e348160520866059ae38fd2f5c5c36b604f8c3
- Size: 254KB
- Sample: 221026-bjgldsedbl
- MD5: cbd1a2bd0ff3262be7d4bab90bf659e2
- SHA1: 47696a65eed72505ab5095dd07107841ecb5e1eb
- SHA256: 4b27dec0a98360e6db50598a83e348160520866059ae38fd2f5c5c36b604f8c3
- SHA512: fb715bb2658a0e2831e512a31f4328c6b1175331c69e9181556e43e00e3707337468cb26d238aa00a974c05d846d189f2dca00779696630adab4bf4050acd934
- SSDEEP: 3072:4XKgvdTOL60C3OxkI8+2RGJlWdqjKKJt5fKE+KD58rscoMFixgk:MvvdKLaMkI8+d+8rxeK5cscNFixX
Static task
- static1
Malware Config
Extracted
- vidar
- 55.2
- 937
- https://t.me/slivetalks
- https://c.im/@xinibin420
- profile_id: 937
Targets
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.