General

Target: c15f3ac17ea11c15b75f91cfdfb7871d6acfb656bf491a56095940ee340ffb61
Size: 286KB
Sample: 221030-gqggvsfhcm
MD5: 6af8edda3ba74858ffed60c6a4f1bfd2
SHA1: aa41f583fb12db55eab39d1a0aad3fba254606dd
SHA256: c15f3ac17ea11c15b75f91cfdfb7871d6acfb656bf491a56095940ee340ffb61
SHA512: 230f3296fc5228af98cc92477eb43f7fb5d0050667240dafaf161784dfba040a28aadb7eebe407e68f9ace5efac4b700db67dba85741feac21fa0dc7d64e86ee
SSDEEP: 6144:QuUzvxLlfMCNK5rP4F5/I7W83SawB8a8xn1w:pUzp9PKhPa5/N83SawCa5

Static task: static1

Malware Config

Extracted: nymaim
  C2: 45.139.105.171
  C2: 85.31.46.167

Extracted: vidar
  Version: 55.3
  Profile ID: 937
  Profile URLs: https://t.me/slivetalks
                https://c.im/@xinibin420

The two Vidar profile URLs are dead-drop resolvers, not the C2 itself: the stealer fetches the Telegram and Mastodon profile pages and reads its current C2 address out of the profile text. Block and hunt on the profile URLs as well as on whatever address they resolved to at analysis time, since the profile contents can change without the sample changing.
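The hashes and config values above are only useful once they are in a machine-readable hunting list. The following is an added example, not part of the sandbox report or of any vendor tooling: it parses the indicator lines into hashes, IPs, domains and URLs attributed to the family they were extracted from, and checks whether a file on disk is actually the reported sample. The REPORT string is a constructed copy of this page's indicator lines; the parser keys on tokens and on the "Extracted" markers, so it accepts both a key: value layout and the raw one-value-per-line export.

```python
"""Turn the indicator lines of a sandbox report into a hunting list.

Added example, not part of the sandbox report or of any vendor tooling.
REPORT is a constructed copy of the indicator lines on this page.
"""
import hashlib
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

REPORT = """\
General
Target: c15f3ac17ea11c15b75f91cfdfb7871d6acfb656bf491a56095940ee340ffb61
Size: 286KB
Sample: 221030-gqggvsfhcm
MD5: 6af8edda3ba74858ffed60c6a4f1bfd2
SHA1: aa41f583fb12db55eab39d1a0aad3fba254606dd
SHA256: c15f3ac17ea11c15b75f91cfdfb7871d6acfb656bf491a56095940ee340ffb61
SHA512: 230f3296fc5228af98cc92477eb43f7fb5d0050667240dafaf161784dfba040a28aadb7eebe407e68f9ace5efac4b700db67dba85741feac21fa0dc7d64e86ee
SSDEEP: 6144:QuUzvxLlfMCNK5rP4F5/I7W83SawB8a8xn1w:pUzp9PKhPa5/N83SawCa5

Malware Config
Extracted: nymaim
  C2: 45.139.105.171
  C2: 85.31.46.167
Extracted: vidar
  Version: 55.3
  Profile ID: 937
  Profile URLs: https://t.me/slivetalks
                https://c.im/@xinibin420
"""

# Digest lengths in hex characters; other hex runs of 32..128 chars are ignored.
DIGEST_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
HEX_RE = re.compile(r"\b[0-9a-f]{32,128}\b")
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


@dataclass
class Iocs:
    hashes: dict = field(default_factory=dict)   # algorithm -> set of hex digests
    ips: dict = field(default_factory=dict)      # ip -> malware family
    urls: dict = field(default_factory=dict)     # url -> malware family
    domains: dict = field(default_factory=dict)  # host -> malware family


def extract_iocs(text: str) -> Iocs:
    """Collect digests, IPs, URLs and hosts; attribute network IOCs to the
    family named by the most recent 'Extracted' marker."""
    iocs = Iocs()
    family = "unattributed"
    expect_family = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_family:            # raw export: the family sits on its own line
            family = line.lower()
            expect_family = False
            continue
        if line.lower().startswith("extracted"):
            rest = line[len("extracted"):].strip(" :").lower()
            if rest:
                family = rest        # key: value layout, "Extracted: vidar"
            else:
                expect_family = True
            continue
        for digest in HEX_RE.findall(line.lower()):
            algo = DIGEST_LEN.get(len(digest))
            if algo:
                iocs.hashes.setdefault(algo, set()).add(digest)
        for url in URL_RE.findall(line):
            iocs.urls[url] = family
            iocs.domains[urlparse(url).hostname] = family
        for ip in IPV4_RE.findall(line):
            iocs.ips[ip] = family
    return iocs


def hunting_list(iocs: Iocs) -> list[str]:
    """Flat, sorted 'type:value family' lines for a blocklist or SIEM lookup."""
    out = [f"{algo}:{h}" for algo, hs in iocs.hashes.items() for h in hs]
    out += [f"ip:{ip} {fam}" for ip, fam in iocs.ips.items()]
    out += [f"domain:{d} {fam}" for d, fam in iocs.domains.items()]
    out += [f"url:{u} {fam}" for u, fam in iocs.urls.items()]
    return sorted(out)


def matching_digests(data: bytes, iocs: Iocs) -> set[str]:
    """Report algorithms whose digest of `data` is in the report: confirms you
    hold the analysed sample before trusting its recorded behaviour."""
    return {algo for algo, hs in iocs.hashes.items()
            if hashlib.new(algo, data).hexdigest() in hs}


if __name__ == "__main__":
    found = extract_iocs(REPORT)
    print("\n".join(hunting_list(found)))
    # constructed stand-in bytes; the real sample would match all four algorithms
    print("matches:", matching_digests(b"not the sample", found))
```

The hex regex deliberately requires whole-token matches, so the SSDEEP value and the sample ID are never mistaken for digests, and the version string 55.3 never passes the four-octet IPv4 pattern.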
Targets

Target: c15f3ac17ea11c15b75f91cfdfb7871d6acfb656bf491a56095940ee340ffb61 (286KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures

- Detects Smokeloader packer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system. Installers and updaters do the same for a single product, so this signature only carries weight when a process walks many Uninstall subkeys and shows the other behaviours listed here.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system. Confirm the raw-disk write in the process trace (target device and offset) before treating the sample as a bootkit.

Read together, the list describes a Smokeloader-packed loader that downloads and executes further PE payloads, persists through a Run key and removes its original file; the Nymaim and Vidar configs under Malware Config were extracted from the same run.
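The signatures above are heuristics over process telemetry, and re-deriving them from your own logs is how you confirm the sandbox verdict against a host. The following is an added example and not the sandbox's own signature engine: the event schema (one flat dict per event with a "type" field) is a constructed, hypothetical format rather than Sysmon or an ETW trace, and EVENTS is made-up telemetry with one process showing this page's behaviours and one benign-looking process that performs a single Uninstall lookup. The rules for the Run key, the Uninstall enumeration and the MBR write follow the signature descriptions above; the network rule reuses the hosts from the extracted configs.

```python
"""Re-deriving the behaviour signatures from process telemetry.

Added example, not the sandbox's own signature engine. The event format is a
constructed, hypothetical schema and EVENTS is made-up telemetry.
"""
import re
from collections import defaultdict

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_SUBKEY_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
UNINSTALL_PARENT_RE = re.compile(r"\\CurrentVersion\\Uninstall\\?$", re.I)
RAW_DISK_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)
MBR_SIZE = 512  # the MBR is the first sector of the disk

# Hosts from the configs extracted on this page: nymaim C2 IPs and the hosts
# of the vidar profile URLs.
KNOWN_BAD_HOSTS = {"45.139.105.171", "85.31.46.167", "t.me", "c.im"}

UNINSTALL_BASE = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"

EVENTS = [  # constructed telemetry
    {"pid": 4120, "type": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"pid": 4120, "type": "raw_write", "path": r"\\.\PhysicalDrive0", "offset": 0, "size": 512},
    {"pid": 4120, "type": "net_connect", "host": "45.139.105.171", "port": 80},
    {"pid": 4120, "type": "net_connect", "host": "t.me", "port": 443},
    # a single lookup of one product, as an installer or updater would do
    {"pid": 800, "type": "reg_open", "key": UNINSTALL_BASE + "\\Google Chrome"},
    {"pid": 800, "type": "net_connect", "host": "update.example.com", "port": 443},
]
# the suspicious process walks many Uninstall subkeys
EVENTS += [{"pid": 4120, "type": "reg_open", "key": UNINSTALL_BASE + "\\" + name}
           for name in ("7-Zip", "Google Chrome", "Notepad++", "VLC media player",
                        "Python 3.11", "KeePass 2")]


def evaluate(events, uninstall_threshold=5):
    """Map pid -> set of signature names the process triggered."""
    hits = defaultdict(set)
    uninstall_subkeys = defaultdict(set)
    for e in events:
        pid, kind = e["pid"], e["type"]
        if kind == "reg_set" and RUN_KEY_RE.search(e["key"]):
            hits[pid].add("Adds Run key to start application")
        elif kind in ("reg_open", "reg_query", "reg_enum"):
            if UNINSTALL_PARENT_RE.search(e["key"]):
                # enumerating the parent key lists every installed product at once
                hits[pid].add("Checks installed software on the system")
            m = UNINSTALL_SUBKEY_RE.search(e["key"])
            if m:
                uninstall_subkeys[pid].add(m.group(1).lower())
        elif kind == "raw_write" and RAW_DISK_RE.match(e["path"]) and e["offset"] < MBR_SIZE:
            # a write through the raw device that covers sector 0 overwrites the MBR
            hits[pid].add("Writes to the Master Boot Record (MBR)")
        elif kind == "net_connect" and e["host"] in KNOWN_BAD_HOSTS:
            hits[pid].add("Contacts a host from the extracted configs")
    # one Uninstall lookup is normal; walking many subkeys is enumeration
    for pid, keys in uninstall_subkeys.items():
        if len(keys) >= uninstall_threshold:
            hits[pid].add("Checks installed software on the system")
    return dict(hits)


def triage(events, min_signatures=2):
    """Processes that triggered several signatures, most first."""
    return sorted(((pid, sorted(s)) for pid, s in evaluate(events).items()
                   if len(s) >= min_signatures), key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for pid, sigs in triage(EVENTS):
        print(pid, *sigs, sep="\n  ")
```

The Uninstall rule is the one place this differs from the sandbox: the sandbox fires on any lookup, while here a process is flagged only for enumerating the parent key or for touching at least five distinct subkeys, so the single lookup by pid 800 stays quiet and the process that also writes a Run key, writes sector 0 and contacts the config hosts is the only one surfaced by triage().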