smokeloader | 50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087
Size

341KB
Sample

221204-b7erpsfd57
MD5

d3e6aae1b8a1f6873e6d7c375308e599
SHA1

1d10cbf70f9abb225b1b8b4146eed550a6cb27f3
SHA256

50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087
SHA512

4e498a144dbc30a9db9e29336c5b948ee672faa7938d6a9df4a72a471ef68ff6a4168a70855dce9cd50177493df1c566abdd61251460b43a53666435cfc195f2
SSDEEP

6144:reo6UJkW+lHI6SSafNbHnMW2RqnZXFMY:reo6siJUNjMW35GY

Score

10^/10

smokeloader vidar 1148 backdoor discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087.exe

Resource

win10-20220812-en

smokeloader vidar 1148 backdoor discovery spyware stealer trojan

windows10-1703-x64

24 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1148

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

Attributes

profile_id
1148

Targets

- Target
  
  50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087
- Size
  
  341KB
- MD5
  
  d3e6aae1b8a1f6873e6d7c375308e599
- SHA1
  
  1d10cbf70f9abb225b1b8b4146eed550a6cb27f3
- SHA256
  
  50cd76e757f34b9ee547359cc01cd01440fdf17a1160388a638775e18ac7a087
- SHA512
  
  4e498a144dbc30a9db9e29336c5b948ee672faa7938d6a9df4a72a471ef68ff6a4168a70855dce9cd50177493df1c566abdd61251460b43a53666435cfc195f2
- SSDEEP
  
  6144:reo6UJkW+lHI6SSafNbHnMW2RqnZXFMY:reo6siJUNjMW35GY
Score

10^/10

smokeloader vidar 1148 backdoor discovery spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

smokeloadervidar1148backdoordiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy