General
-
Target
d4e34fa2627968f7c9fbdb71561eb1956c88be9cb654c03fc71400675de855fb
-
Size
222KB
-
Sample
221026-exj58aefg5
-
MD5
f8232029ca8fac08daa1a321d51a0712
-
SHA1
a64b56d95905ff2093ebd612a4591c983ae5a1ab
-
SHA256
d4e34fa2627968f7c9fbdb71561eb1956c88be9cb654c03fc71400675de855fb
-
SHA512
828e04118edd53d78281b6cf7a0ed105ff7b23cccce19a880a6ada5ce993d5aeb6640e8107878bd3a9fa04b6f703807bd85ba1cd8f1a51d3b884ab90b6cba0f1
-
SSDEEP
6144:+3JarcU7lqLXenevVMk5Ymplf+b7cMVw:+3Jarp7Y7enet/5lf+3lVw
Static task
static1
Malware Config
Extracted
vidar
55.2
937
https://t.me/slivetalks
https://c.im/@xinibin420
-
profile_id
937
Targets
-
-
Target
d4e34fa2627968f7c9fbdb71561eb1956c88be9cb654c03fc71400675de855fb
-
Size
222KB
-
MD5
f8232029ca8fac08daa1a321d51a0712
-
SHA1
a64b56d95905ff2093ebd612a4591c983ae5a1ab
-
SHA256
d4e34fa2627968f7c9fbdb71561eb1956c88be9cb654c03fc71400675de855fb
-
SHA512
828e04118edd53d78281b6cf7a0ed105ff7b23cccce19a880a6ada5ce993d5aeb6640e8107878bd3a9fa04b6f703807bd85ba1cd8f1a51d3b884ab90b6cba0f1
-
SSDEEP
6144:+3JarcU7lqLXenevVMk5Ymplf+b7cMVw:+3Jarp7Y7enet/5lf+3lVw
-
Detects Smokeloader packer
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-