General
-
Target
8d85fb307c5c64f4fbdd23ee0873781999b9fd0fea87e3a40b049025e97153b7
-
Size
383KB
-
Sample
221209-t1x9ksgd8w
-
MD5
d31d3dfed3a50840be018f912ce38795
-
SHA1
76a3a63f307de3fee03f4bd4104a1b63506aa101
-
SHA256
8d85fb307c5c64f4fbdd23ee0873781999b9fd0fea87e3a40b049025e97153b7
-
SHA512
e430de5da8bc8c26214e67b1b3ebac0551d93e62d2a262d411dae3938423f7c43a73a4f6271b68f683d9a64d21ef460ca89b98d527b04d8a6932cc60536e6bc2
-
SSDEEP
6144:lk0LLJr8Vq4wtEOHXWBIwcWysAeFn2Fa7Fns:l3LB8VbJOHPwXHFnPs
Malware Config
Extracted
vidar
56.1
1148
https://t.me/dishasta
https://steamcommunity.com/profiles/76561199441933804
-
profile_id
1148
Targets
-
-
Target
8d85fb307c5c64f4fbdd23ee0873781999b9fd0fea87e3a40b049025e97153b7
-
Size
383KB
-
MD5
d31d3dfed3a50840be018f912ce38795
-
SHA1
76a3a63f307de3fee03f4bd4104a1b63506aa101
-
SHA256
8d85fb307c5c64f4fbdd23ee0873781999b9fd0fea87e3a40b049025e97153b7
-
SHA512
e430de5da8bc8c26214e67b1b3ebac0551d93e62d2a262d411dae3938423f7c43a73a4f6271b68f683d9a64d21ef460ca89b98d527b04d8a6932cc60536e6bc2
-
SSDEEP
6144:lk0LLJr8Vq4wtEOHXWBIwcWysAeFn2Fa7Fns:l3LB8VbJOHPwXHFnPs
Score10/10-
Detects Smokeloader packer
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-