General
- Target: 50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087
- Size: 341KB
- Sample: 221204-b7erpsfd57
- MD5: d3e6aae1b8a1f6873e6d7c375308e599
- SHA1: 1d10cbf70f9abb225b1b8b4146eed550a6cb27f3
- SHA256: 50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087
- SHA512: 4e498a144dbc30a9db9e29336c5b948ee672faa7938d6a9df4a72a471ef68ff6a4168a70855dce9cd50177493df1c566abdd61251460b43a53666435cfc195f2
- SSDEEP: 6144:reo6UJkW+lHI6SSafNbHnMW2RqnZXFMY:reo6siJUNjMW35GY
Static task: static1
Malware Config
Extracted
- vidar
- 56
- 1148
- https://t.me/asifrazatg
- https://steamcommunity.com/profiles/76561199439929669
- profile_id: 1148
Targets
- Target: 50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087
- Size: 341KB
- MD5: d3e6aae1b8a1f6873e6d7c375308e599
- SHA1: 1d10cbf70f9abb225b1b8b4146eed550a6cb27f3
- SHA256: 50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087
- SHA512: 4e498a144dbc30a9db9e29336c5b948ee672faa7938d6a9df4a72a471ef68ff6a4168a70855dce9cd50177493df1c566abdd61251460b43a53666435cfc195f2
- SSDEEP: 6144:reo6UJkW+lHI6SSafNbHnMW2RqnZXFMY:reo6siJUNjMW35GY
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext