General

Target: 7be9ca1ac0d56716a39939f6f47faca8399df8862325ca0d5a90b03ad6012601 (the sample is identified by its SHA256; no original filename is recorded)
Size: 255KB
Sample: 221026-d6f99aefep
MD5: 19e63e7ad67056e1a4240499db1602c8
SHA1: 6957c4325dc8440b41700bea2d53e5b1ad524dc3
SHA256: 7be9ca1ac0d56716a39939f6f47faca8399df8862325ca0d5a90b03ad6012601
SHA512: 01aa98913526f179bef73636a8a0c5d7b365ea4094e3a330917990152abea2fa0c933f30705acc163581dac3a5fcd9f11c678f8c321764a6e187805055d6cf9f
SSDEEP: 6144:xiPM6rLnMgVDei/pk28xMkLuK+8nboDLXr:UPLTMgVDeDXx464
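The hashes above are the indicators most analysts will actually pivot on. The following is an added example, not part of the sandbox report or any vendor tooling: it hashes a local file with hashlib, compares the result case-insensitively against the report's IOCs, validates that the IOC strings were transcribed correctly, and parses the SSDEEP signature to show why its block size is 6144 for a file of about 255KB. A real fuzzy-hash comparison needs the ssdeep library, which is deliberately not used here; only the block-size comparability rule is shown.

```python
"""Match a file against the hash IOCs in the report above.

Added example; not part of the sandbox report or any vendor tooling. Digests
are computed with hashlib. The SSDEEP signature is only parsed and its block
size reasoned about; a real fuzzy comparison needs the ssdeep library.
"""
import hashlib
from typing import Dict, Set, Tuple

# Values copied from the report, normalised to lower-case hex.
REPORT_IOCS: Dict[str, str] = {
    "md5": "19e63e7ad67056e1a4240499db1602c8",
    "sha1": "6957c4325dc8440b41700bea2d53e5b1ad524dc3",
    "sha256": "7be9ca1ac0d56716a39939f6f47faca8399df8862325ca0d5a90b03ad6012601",
    "sha512": ("01aa98913526f179bef73636a8a0c5d7b365ea4094e3a330917990152abea2fa"
               "0c933f30705acc163581dac3a5fcd9f11c678f8c321764a6e187805055d6cf9f"),
}
REPORT_SSDEEP = "6144:xiPM6rLnMgVDei/pk28xMkLuK+8nboDLXr:UPLTMgVDeDXx464"
REPORT_SIZE_BYTES = 255 * 1024  # the report rounds the size to "255KB"

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def iocs_well_formed(iocs: Dict[str, str] = REPORT_IOCS) -> bool:
    """Catch transcription errors: each digest must be hex of the right length."""
    for alg, value in iocs.items():
        if len(value) != HEX_LEN[alg]:
            return False
        int(value, 16)  # raises ValueError on a non-hex character
    return True


def digests(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists for the given bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_IOCS}


def match_iocs(observed: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> Set[str]:
    """Return the algorithms on which the observed digests equal the IOCs.

    Comparison is case-insensitive so hashes pasted from other reports match;
    algorithms the report does not list are ignored rather than treated as misses.
    """
    return {alg for alg, value in observed.items()
            if alg in iocs and value.strip().lower() == iocs[alg]}


def check_file(path: str) -> Set[str]:
    """Hash a local file and report which IOCs it matches (empty set = no match)."""
    with open(path, "rb") as fh:
        return match_iocs(digests(fh.read()))


def parse_ssdeep(sig: str) -> Tuple[int, str, str]:
    """Split 'blocksize:hash1:hash2' as emitted by ssdeep.

    hash1 is computed over blocksize-byte pieces, hash2 over 2*blocksize pieces.
    """
    block, h1, h2 = sig.split(":", 2)
    return int(block), h1, h2


def ssdeep_initial_blocksize(size: int, min_block: int = 3, spamsum_len: int = 64) -> int:
    """ssdeep's starting block size: 3, doubled until blocksize*64 >= file size.

    ssdeep may halve it afterwards when hash1 comes out shorter than 32
    characters; the report's 34-character hash1 did not trigger that, so the
    rule reproduces the 6144 seen in the report for a ~255KB file.
    """
    block = min_block
    while block * spamsum_len < size:
        block *= 2
    return block


def ssdeep_comparable(a: str, b: str) -> bool:
    """Two ssdeep signatures can only score against each other when their
    block sizes are equal or differ by exactly a factor of two; otherwise
    the similarity is 0 regardless of content."""
    ba, bb = parse_ssdeep(a)[0], parse_ssdeep(b)[0]
    return ba == bb or ba == 2 * bb or bb == 2 * ba
```

Usage: `check_file("suspect.bin")` returns the set of algorithms that matched; an empty set means none of the four digests equals the report's. The SSDEEP helpers are there to avoid a common mistake: comparing this signature against one whose block size is not 3072, 6144 or 12288 cannot produce a non-zero score, so such candidates can be skipped before any fuzzy comparison is attempted.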
Static task: static1

Malware Config

Extracted family: vidar
Version: 55.2
Profile ID: 937
C2 URLs (a Telegram channel and a Mastodon profile, the dead-drop pages Vidar reads its C2 address from):
  https://t.me/slivetalks
  https://c.im/@xinibin420
Targets

Target: 7be9ca1ac0d56716a39939f6f47faca8399df8862325ca0d5a90b03ad6012601
Size: 255KB
Signatures

Detects Smokeloader packer (this matches the outer packer layer; it does not conflict with the Vidar config extracted above, which comes from the unpacked payload)
Downloads MZ/PE file
Drops file in Drivers directory
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence
Loads dropped DLL
Accesses cryptocurrency files/wallets: possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system
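Three of the signatures above are simple host-telemetry checks, and it is useful to see them as rules rather than labels. The following is an added example, not the sandbox vendor's detection logic: it runs the location check, the installed-software enumeration check and the Drivers-directory drop check over constructed event lines. The event format (pipe-separated time|process|operation|target) and the paths are assumptions: the location check is modelled on the `Control Panel\International\Geo` key where Windows stores the configured country code, the software check on the `CurrentVersion\Uninstall` key the report names, and the drop check on `System32\drivers`; real Sysmon or ETW records have a different shape and would need a different parser.

```python
"""Toy behavioural triage over registry/file event lines.

Added example, not the sandbox's own signature engine. Event format and the
registry/file paths below are assumptions (see comments); adapt the parser to
your telemetry source.
"""
import re
from typing import Dict, Iterable, List, Optional

# Signatures keyed by the names the report uses. Paths are assumptions:
# the geofence check reads the Geo key (Nation value) under HKCU, software
# enumeration walks the Uninstall key, and the Drivers directory lives under
# System32. Matching is case-insensitive because registry paths are.
SIGNATURES = {
    "Checks computer location settings": re.compile(
        r"^(HKCU|HKEY_CURRENT_USER)\\Control Panel\\International\\Geo(\\|$)", re.I),
    "Checks installed software on the system": re.compile(
        r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    "Drops file in Drivers directory": re.compile(
        r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I),
}

# Registry signatures fire on read/enumerate operations, the drop signature
# on file writes. Operation names are assumptions for the constructed format.
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey"}
WRITE_OPS = {"CreateFile", "WriteFile"}


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Parse 'time|process|operation|target'; return None for malformed lines.

    The target may itself contain '|' so only the first three separators split.
    """
    parts = line.rstrip("\n").split("|", 3)
    if len(parts) != 4:
        return None
    ts, proc, op, target = parts
    return {"ts": ts, "proc": proc, "op": op, "target": target}


def match_signatures(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one hit per (signature, process), with the first matching target as evidence."""
    hits: List[Dict[str, str]] = []
    seen = set()
    for raw in lines:
        ev = parse_event(raw)
        if ev is None:
            continue
        for name, pattern in SIGNATURES.items():
            if not pattern.search(ev["target"]):
                continue
            wanted_ops = WRITE_OPS if name.startswith("Drops") else READ_OPS
            if ev["op"] not in wanted_ops:
                continue
            key = (name, ev["proc"])
            if key in seen:  # the same behaviour repeated is still one finding
                continue
            seen.add(key)
            hits.append({"signature": name, "process": ev["proc"], "evidence": ev["target"]})
    return hits


# Constructed events, not taken from the report. 'sample.exe' is a placeholder
# process name and 'dropped.bin' a placeholder file name.
SAMPLE_EVENTS = [
    "10:00:01|sample.exe|RegOpenKey|HKCU\\Control Panel\\International\\Geo",
    "10:00:01|sample.exe|RegQueryValue|HKCU\\Control Panel\\International\\Geo\\Nation",
    "10:00:02|sample.exe|RegEnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "10:00:03|sample.exe|RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName",
    "10:00:04|sample.exe|CreateFile|C:\\Windows\\System32\\drivers\\dropped.bin",
    "10:00:05|explorer.exe|RegQueryValue|HKCU\\Software\\Classes\\.txt",  # benign noise
    "10:00:06|sample.exe|RegQueryValue|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Git\\DisplayName",
]

if __name__ == "__main__":
    for hit in match_signatures(SAMPLE_EVENTS):
        print(f"{hit['process']}: {hit['signature']} <- {hit['evidence']}")
```

Each signature is reported once per process, so the two Uninstall reads collapse into one finding; that mirrors how the report lists behaviours rather than raw events. Note the asymmetry: the Geo rule is anchored to HKCU because the configured country is a per-user setting, while the Uninstall rule is not anchored, since both HKLM and HKCU (and the WOW6432Node view) carry that key.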