smokeloader | cceabd2f1ae77df49fdc6fdc7844e98d2f5c84003d769722c0d59d869b224d45 | Triage

Submit
Reports

Overview

overview

Static

static

79eb0de65e...6e.exe

windows7-x64

79eb0de65e...6e.exe

windows10-2004-x64

Sharing

General

Target

79eb0de65e77c00a9574910ba6443770a37c872d9fc6865086f5ecfeed82e46e
Size

194KB
Sample

221204-dbwrfsaf56
MD5

84bb324177d655078864b9e0a1c6827f
SHA1

c82326bdd84a1d6a2858e654499159bd7b2b2bb5
SHA256

cceabd2f1ae77df49fdc6fdc7844e98d2f5c84003d769722c0d59d869b224d45
SHA512

b417b3b1f24fe99526a5e5b6c859de84edf9b44762cf3f648abc53f7b6a67c414163a505bf4773b166adf85606464da4d57968a8ca7f442504f5a7758d4acb84
SSDEEP

3072:Va8/2M1Iu6c3qD/Ac8malQOnyT0q8pamVtSq1vQ2kft3MpxKZXdwuJgNMHew:VaPwvA/Ac8mmQsyT057V3JktcfKZt6yf

Score

10^/10

smokeloader vidar 1148 backdoor stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

79eb0de65e77c00a9574910ba6443770a37c872d9fc6865086f5ecfeed82e46e.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

79eb0de65e77c00a9574910ba6443770a37c872d9fc6865086f5ecfeed82e46e.exe

Resource

win10v2004-20220812-en

smokeloader vidar 1148 backdoor stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1148

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

Attributes

profile_id
1148

Targets

- Target
  
  79eb0de65e77c00a9574910ba6443770a37c872d9fc6865086f5ecfeed82e46e
- Size
  
  349KB
- MD5
  
  3c92e5261ce478c35357356eab2d02a6
- SHA1
  
  9621379903f13c177a2e53a0561a1b768a56ab59
- SHA256
  
  79eb0de65e77c00a9574910ba6443770a37c872d9fc6865086f5ecfeed82e46e
- SHA512
  
  5d48bb4e4e9915f7c3dcb394b8db743afd8e07bda0c4d6811168e770c9ea624d0f6f91f15904949a3fa2d069c343a62b2d7977780f29060d79d817a5fcd0ed4c
- SSDEEP
  
  6144:oOqIyHL+AiRYKRqtDfLKaHdMbPpwjaPuRjMgUt:o/7HsRY7hGauKRQg
Score

10^/10

smokeloader backdoor trojan vidar 1148 stealer
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

smokeloadervidar1148backdoorstealertrojan

© 2018-2024

Terms | Privacy