General
Target: 417459ba2824c8b39cfe7aae23bfc049.exe
Size: 321KB
Sample: 221206-mdnnasha99
MD5: 417459ba2824c8b39cfe7aae23bfc049
SHA1: 5ac67f9b0a1ec7c320a9643b05d805be7d7425bb
SHA256: 13fa525f766a6e919d19d0d501e062a41ab227690d1ec3c566ad0f3b52a0bb56
SHA512: a0ea6706ccae10af52c7483514b81776838ccee2610365eebffb25a655101e6cbed6b5e8125cdd0b96c9d9c8c61924faa699fc633f226bea148fde32d99472d3
SSDEEP: 3072:sn8XcfGwcyetqqfLlqIqdJg5aIYp1NK1hDSC/YlN0g9UzKZJds0Svt:/mcyeLLl7qdJTIYTOhDS0YlN08lRF
Static task: static1
Behavioral task: behavioral1
Sample: 417459ba2824c8b39cfe7aae23bfc049.exe
Resource: win7-20221111-en
Malware Config
Extracted: vidar
56.1
1148
https://t.me/dishasta
https://steamcommunity.com/profiles/76561199441933804
profile_id: 1148
Targets
Target: 417459ba2824c8b39cfe7aae23bfc049.exe
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext