General
- Target: 9a319cf220a3b2553e1914540b68dbfa1a0cdbc1e135e7388148a72e3c3c6b1d
- Size: 350KB
- Sample: 221203-wcqkyabf99
- MD5: 5464002ac36ec5514788baa15c3762d3
- SHA1: a65bd46bf4ab13a1c6c6e7652eb09d4828a23ae6
- SHA256: 9a319cf220a3b2553e1914540b68dbfa1a0cdbc1e135e7388148a72e3c3c6b1d
- SHA512: 7597d62b48148fdd29345c85cfd0ca65d5cecea8652902f75e689147aeba05bd817b8acee9155110dd287f8a8a63e48371186e90449901eec8277c8c8f4e1408
- SSDEEP: 3072:G+CIAWAPJPI5AB/qfal3MC+YH5nWP7OtJY9GnWNTC6NRMHnlX1pjC0JviHYDrEmU:gWeJP5B/qiS0wxgnMW2Rqnf3JiY
- Static task: static1
Malware Config
Extracted
vidar
56
1148
https://t.me/asifrazatg
https://steamcommunity.com/profiles/76561199439929669
- profile_id: 1148
Targets
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext