General
Target: a90b17c5255aae7b4eed7e1d0532ba7ce6b64a10902c91fb7a279c2a1e9445e4
Size: 285KB
Sample: 221030-b8y7qsfge7
MD5: 9cdf5081c48c1c51aaf527e4f1ea705e
SHA1: 20be01a1e99f950b7cfdef116fc736887e20bd6b
SHA256: a90b17c5255aae7b4eed7e1d0532ba7ce6b64a10902c91fb7a279c2a1e9445e4
SHA512: c02f81e1747a330f3f0f575b0e7d36300d8dae56c32de3a6392b6e3f351b1de1bdbb768fa50489f38ab66e332c1e8959a92edcf2421bb1ac2066f694aa3f99b7
SSDEEP: 3072:nZZ5QJTUCvHurL2VfzCEe1a5gAj9EotMsU31Z2zDqxgWWjDhuiFDw5225EM/h3:mUCvOrL2VfzCEBi3v8Dw5XE
Static task
static1
Malware Config
Extracted: nymaim
C2: 45.139.105.171
C2: 85.31.46.167
Extracted: vidar
Version: 55.3
Botnet: 937
C2: https://t.me/slivetalks
C2: https://c.im/@xinibin420
profile_id: 937
The two Vidar C2 entries are public Telegram and Mastodon profile pages used as dead-drop resolvers: the stealer reads the live C2 address from their content, so the blockable indicators are these URLs rather than a fixed IP.
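The following is an added example, not code from the report or from the sandbox vendor, showing how a responder would consume the two sections above: verify a local file against the listed hashes in one pass, and flatten the extracted nymaim/vidar configuration into typed indicators for blocking or hunting. The report values are copied from the page; the sample bytes in the usage call are constructed and do not correspond to the real file.

```python
"""Consume the hashes and extracted C2 configuration from a sandbox report.

Added example; not part of the original report. Hash and config values are the
ones listed on the page. Any bytes hashed in demo() are constructed test input.
"""
import hashlib
import ipaddress
from urllib.parse import urlparse

# Hashes as listed in the report's General section.
REPORT_HASHES = {
    "md5": "9cdf5081c48c1c51aaf527e4f1ea705e",
    "sha1": "20be01a1e99f950b7cfdef116fc736887e20bd6b",
    "sha256": "a90b17c5255aae7b4eed7e1d0532ba7ce6b64a10902c91fb7a279c2a1e9445e4",
    "sha512": ("c02f81e1747a330f3f0f575b0e7d36300d8dae56c32de3a6392b6e3f351b1de1"
               "bdbb768fa50489f38ab66e332c1e8959a92edcf2421bb1ac2066f694aa3f99b7"),
}

# Extracted configuration as listed in the report's Malware Config section.
EXTRACTED_CONFIG = {
    "nymaim": {"c2": ["45.139.105.171", "85.31.46.167"]},
    "vidar": {
        "version": "55.3",
        "botnet": "937",
        "c2": ["https://t.me/slivetalks", "https://c.im/@xinibin420"],
    },
}


def compute_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests computed in a single pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_hashes_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as compute_hashes, but streams a file so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_hashes(data: bytes, expected: dict) -> list:
    """Return the sorted names of algorithms whose digest does NOT match expected.

    An empty list means every listed hash matched; any mismatch means the file
    on disk is not the sample the report describes (or the report was edited).
    """
    actual = compute_hashes(data)
    return sorted(name for name, value in expected.items()
                  if actual[name] != value.lower())


def iocs_from_config(config: dict) -> list:
    """Flatten extracted C2 values into (family, type, value) tuples.

    A bare IPv4 literal becomes 'ipv4'. A URL yields both the full 'url' (what
    a proxy would block) and its host as 'domain' (what DNS telemetry shows).
    """
    out = []
    for family, fields in config.items():
        for value in fields.get("c2", []):
            try:
                ipaddress.IPv4Address(value)
                out.append((family, "ipv4", value))
                continue
            except ValueError:
                pass
            parsed = urlparse(value)
            if parsed.scheme in ("http", "https") and parsed.hostname:
                out.append((family, "url", value))
                out.append((family, "domain", parsed.hostname))
            else:
                out.append((family, "unknown", value))
    return out


def demo() -> None:
    # Constructed stand-in for a downloaded file; it is NOT the real sample.
    candidate = b"MZ" + b"\x90" * 64
    mismatches = verify_hashes(candidate, REPORT_HASHES)
    print("hash mismatches:", mismatches or "none (file matches report)")
    for family, kind, value in iocs_from_config(EXTRACTED_CONFIG):
        print(f"{family:7s} {kind:7s} {value}")


if __name__ == "__main__":
    demo()
```

Note that the nymaim and vidar indicators carry different lifetimes: the two IPs are direct C2 addresses, while the t.me and c.im entries are dead-drop pages whose content (the real C2) the operator can change without touching the sample.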
Targets
Target: a90b17c5255aae7b4eed7e1d0532ba7ce6b64a10902c91fb7a279c2a1e9445e4 (size and hashes as listed under General)
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence across logons via the CurrentVersion\Run registry key)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system.
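As an added example (not the sandbox's signature engine and not rules taken from the report), the block below expresses four of the behaviours above as rules over an API-call trace and runs them against a constructed trace. The registry and device paths are the usual Windows locations for each behaviour (Control Panel\International\Geo\Nation for the country code, CurrentVersion\Run for autostart, CurrentVersion\Uninstall for installed software, \\.\PhysicalDrive0 offset 0 for the MBR); the event dicts and API names are assumptions about how a trace might be represented.

```python
"""Match report behaviours against an API-call trace.

Added example; neither the sandbox's own signatures nor rules from the report.
Event shape ({"api": ..., "key"/"path"/"value"/"offset": ...}) is assumed; the
EVENTS trace at the bottom is constructed for illustration.
"""
import re
from collections import namedtuple

Rule = namedtuple("Rule", "name description api_pattern arg_check")


def _key(ev: dict) -> str:
    """Registry key path of an event, lower-cased for case-insensitive matching."""
    return ev.get("key", "").lower()


RULES = [
    Rule("adds_run_key",
         "Adds Run key to start application",
         r"^RegSetValueEx[AW]?$",
         lambda ev: _key(ev).endswith("\\currentversion\\run")),
    Rule("checks_location",
         "Checks computer location settings (Geo\\Nation lookup, likely geofence)",
         r"^RegQueryValueEx[AW]?$",
         lambda ev: _key(ev).endswith("\\international\\geo")
                    and ev.get("value", "").lower() == "nation"),
    Rule("enumerates_software",
         "Checks installed software via the Uninstall key",
         r"^RegEnumKeyEx[AW]?$",
         lambda ev: "\\currentversion\\uninstall" in _key(ev)),
    Rule("writes_mbr",
         "Writes to the Master Boot Record (first sector of the raw disk)",
         r"^(Nt)?WriteFile$",
         lambda ev: ev.get("path", "").lower() == r"\\.\physicaldrive0"
                    and 0 <= ev.get("offset", 0) < 512),
]


def match_rules(events: list, rules: list = RULES) -> dict:
    """Return {rule name: [indices of matching events]} for every rule that fires.

    A rule fires when the API name matches its pattern AND its argument check
    accepts the event; the same event may satisfy several rules.
    """
    hits = {}
    for i, ev in enumerate(events):
        api = ev.get("api", "")
        for rule in rules:
            if re.match(rule.api_pattern, api) and rule.arg_check(ev):
                hits.setdefault(rule.name, []).append(i)
    return hits


# Constructed trace, not from the report. Indices 3 and 5 are benign decoys
# that must NOT fire: a non-autostart registry write and a write to an
# ordinary file at offset 0.
EVENTS = [
    {"api": "RegQueryValueExW",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"api": "RegEnumKeyExW",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "RegSetValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater"},
    {"api": "RegSetValueExW",
     "key": r"HKCU\Software\Example\Settings", "value": "Theme"},
    {"api": "WriteFile", "path": r"\\.\PhysicalDrive0", "offset": 0, "length": 512},
    {"api": "WriteFile", "path": r"C:\Users\Public\out.bin", "offset": 0, "length": 512},
]


if __name__ == "__main__":
    for name, idx in match_rules(EVENTS).items():
        desc = next(r.description for r in RULES if r.name == name)
        print(f"{name:20s} events={idx}  {desc}")
```

The Run-key rule deliberately uses an exact suffix match so that RunOnce and unrelated keys containing "Run" do not fire; the MBR rule keys on the raw-disk device rather than on file name, which is the distinguishing feature of a bootkit write.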