smokeloader | 16fed034551e5731375d162ad28009e72ba021f144231126537fb6b65a11fc95 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

16fed034551e5731375d162ad28009e72ba021f144231126537fb6b65a11fc95
Size

342KB
Sample

221204-hj451sae7t
MD5

745b627712b42eb5093a07b4a0d58e27
SHA1

ec8001161a8bc55b06e123f5e6ed28a8364be380
SHA256

16fed034551e5731375d162ad28009e72ba021f144231126537fb6b65a11fc95
SHA512

eb1082755c7b604f592957b7bda6b046c3c8c12513bd1cd649bd2b7b3be830da669e4fbaaffe8ea17b3ed4836a12b06b414c454daa91b10ea8431fe3025d337f
SSDEEP

6144:aCvomHq1+Ffgi4cRn53nMW2RqnSI6tXhY:aCvomtFV3MW3SBY

Score

10^/10

smokeloader vidar 1148 backdoor discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

16fed034551e5731375d162ad28009e72ba021f144231126537fb6b65a11fc95.exe

Resource

win10-20220901-en

smokeloader vidar 1148 backdoor discovery spyware stealer trojan

windows10-1703-x64

24 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

56

Botnet

1148

C2

https://t.me/asifrazatg

https://steamcommunity.com/profiles/76561199439929669

Attributes

profile_id
1148

Targets

- Target
  
  16fed034551e5731375d162ad28009e72ba021f144231126537fb6b65a11fc95
- Size
  
  342KB
- MD5
  
  745b627712b42eb5093a07b4a0d58e27
- SHA1
  
  ec8001161a8bc55b06e123f5e6ed28a8364be380
- SHA256
  
  16fed034551e5731375d162ad28009e72ba021f144231126537fb6b65a11fc95
- SHA512
  
  eb1082755c7b604f592957b7bda6b046c3c8c12513bd1cd649bd2b7b3be830da669e4fbaaffe8ea17b3ed4836a12b06b414c454daa91b10ea8431fe3025d337f
- SSDEEP
  
  6144:aCvomHq1+Ffgi4cRn53nMW2RqnSI6tXhY:aCvomtFV3MW3SBY
Score

10^/10

smokeloader vidar 1148 backdoor discovery spyware stealer trojan
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

smokeloadervidar1148backdoordiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy