General
- Target: 98791a36a982994c06beca9387c6d1404463bd56273d07099133e0bb86276a20
- Size: 381KB
- Sample: 221209-lsavbach32
- MD5: 3ae039972d9a86d3d3eafb40db889dcf
- SHA1: 76368667cb101c1534ec9f4139c4235b6c7777b5
- SHA256: 98791a36a982994c06beca9387c6d1404463bd56273d07099133e0bb86276a20
- SHA512: 33cc2548532b31289c4f6543ab7b25abb08f9c7ed969c7bec8c41e01aef4b6a8ad4413c78647e817793bdc2e4e9e84fee7d91e194e7d3ef371bd56c2533f253b
- SSDEEP: 6144:XeoH1LWpTxmoDJ8xncOcMAYCfChodhh6K9W9Znvded89kTt:OoVapTYeucrUCfy8IK9W9Zngac
Static task: static1
Malware Config
Extracted
- vidar
- 56.1
- 1148
- https://t.me/dishasta
- https://steamcommunity.com/profiles/76561199441933804
- profile_id: 1148
Targets
- Target: 98791a36a982994c06beca9387c6d1404463bd56273d07099133e0bb86276a20
- Size: 381KB
- MD5: 3ae039972d9a86d3d3eafb40db889dcf
- SHA1: 76368667cb101c1534ec9f4139c4235b6c7777b5
- SHA256: 98791a36a982994c06beca9387c6d1404463bd56273d07099133e0bb86276a20
- SHA512: 33cc2548532b31289c4f6543ab7b25abb08f9c7ed969c7bec8c41e01aef4b6a8ad4413c78647e817793bdc2e4e9e84fee7d91e194e7d3ef371bd56c2533f253b
- SSDEEP: 6144:XeoH1LWpTxmoDJ8xncOcMAYCfChodhh6K9W9Znvded89kTt:OoVapTYeucrUCfy8IK9W9Zngac
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext