General
- Target: 9d2cea326b28175bb93148541991dae696cc970cba7381e101f502110993a239
- Size: 139KB
- Sample: 221225-xbebysbh76
- MD5: 12ee65b134b4f6d9263158679fe3d826
- SHA1: 0b2de22d75a3c69e05da731c12a776988174b99b
- SHA256: d6ee2054da28f93dfac088c4273a9609e53f9f9e0514cb7e2a0ebfb1969c18a6
- SHA512: e5d828f458b2bbb0c77783101f2fe375ebe309fa9e9667fb0efed81cc7b76d343e26748376c815fbcb1ce83ab7f69a9821fa0b331ec41b42a7571757442bad3d
- SSDEEP: 3072:/ApSsuUahcyHLf3bs0waetfGwjq9vlmWt6ven5znjsd:/AphOc6et7jq9vd6vk5vsd
Static task
- static1

Behavioral task
- behavioral1
- Sample: 9d2cea326b28175bb93148541991dae696cc970cba7381e101f502110993a239.exe
- Resource: win7-20220812-en

Malware Config
- Extracted: aurora
- 195.43.142.218:8081
Targets
- Target: 9d2cea326b28175bb93148541991dae696cc970cba7381e101f502110993a239
- Size: 221KB
- MD5: afecb82dd2b59e52ef71282f80b229ad
- SHA1: 4e530e9e038f5c475428982e674fa50bd4d8bb99
- SHA256: 9d2cea326b28175bb93148541991dae696cc970cba7381e101f502110993a239
- SHA512: 447ee754d3874b5b309c0178ebfa550e639f7664ba4a1c6d36afaca0c789248877be8f5f71bd8cb10d285b5c5e928a6ca99f3fd45995fa9e52e81c6f3eab8227
- SSDEEP: 3072:4k6LzRHRIZJ1952/rP1rLw1uEiCMz9tJ/eoqw7RkxmJZs:QLztRIT1mDVcuoMzLJ/eFGymI
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2