General
Target: daff494505d1dda2813860ca1bb7c6a49847de0aa2ac732db81b1d0ca787d5ac
Size: 255KB
Sample: 221231-wytvgsdd4t
MD5: 3c0240c60663a313dc0ff12014f57ecc
SHA1: be036ba6bd08ee2496393cc7f13a7a23fb63968b
SHA256: daff494505d1dda2813860ca1bb7c6a49847de0aa2ac732db81b1d0ca787d5ac
SHA512: 5e9d7ccca7450645641e47dbc2eaf5357eaf7a80206159d565e5e20ab03e0fb757a5b99a76343c0a74707c3da37b8751095ca6b7b71486963b6d43c147dbe5a9
SSDEEP: 3072:wmZsVu1paLniBsFbnRhc12wZuvZNxBC2J+Y2cQ25xymqqojx27hZY:AoeL/Fb7c12wZuvH3C2L2/25n7wMZY
Static task
static1

Malware Config
Extracted
Family: aurora
C2: 45.15.156.97:8081
Targets
Target: daff494505d1dda2813860ca1bb7c6a49847de0aa2ac732db81b1d0ca787d5ac
Size: 255KB
MD5: 3c0240c60663a313dc0ff12014f57ecc
SHA1: be036ba6bd08ee2496393cc7f13a7a23fb63968b
SHA256: daff494505d1dda2813860ca1bb7c6a49847de0aa2ac732db81b1d0ca787d5ac
SHA512: 5e9d7ccca7450645641e47dbc2eaf5357eaf7a80206159d565e5e20ab03e0fb757a5b99a76343c0a74707c3da37b8751095ca6b7b71486963b6d43c147dbe5a9
SSDEEP: 3072:wmZsVu1paLniBsFbnRhc12wZuvZNxBC2J+Y2cQ25xymqqojx27hZY:AoeL/Fb7c12wZuvH3C2L2/25n7wMZY
Signatures
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
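The hashes and the extracted C2 endpoint above are the report's actionable indicators. The following Python is an added example, not part of the report or of the sandbox's own tooling, that turns them into a local check: it hashes a file's bytes with every algorithm listed here and reports which digests match, and it scans proxy/firewall log lines for the C2 host both with and without the port, so that an unrelated address sharing digits with it (e.g. 145.15.156.97) is not counted as a hit. The indicator values are copied from this report; the log lines, the log format and the file contents are constructed for illustration and are assumptions of the example.

```python
"""Check local files and log lines against the indicators in this report.

Added example. Indicator values are copied from the report above; the log
format and the sample bytes/lines are constructed for illustration.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Hashes of the sample as listed in the report's General / Targets sections.
REPORT_HASHES: Dict[str, str] = {
    "md5": "3c0240c60663a313dc0ff12014f57ecc",
    "sha1": "be036ba6bd08ee2496393cc7f13a7a23fb63968b",
    "sha256": "daff494505d1dda2813860ca1bb7c6a49847de0aa2ac732db81b1d0ca787d5ac",
    "sha512": "5e9d7ccca7450645641e47dbc2eaf5357eaf7a80206159d565e5e20ab03e0fb757a5b99a76343c0a74707c3da37b8751095ca6b7b71486963b6d43c147dbe5a9",
}

# C2 endpoint from the extracted Aurora config block.
REPORT_C2 = "45.15.156.97:8081"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of *data* for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def match_hashes(data: bytes, iocs: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Names of the algorithms whose digest of *data* equals the indicator value."""
    digests = hash_bytes(data)
    return sorted(alg for alg, wanted in iocs.items()
                  if digests.get(alg) == wanted.lower())


def check_file(path: str, iocs: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Read a file from disk and report which indicator hashes it matches."""
    with open(path, "rb") as fh:
        return match_hashes(fh.read(), iocs)


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split the 'host:port' string shown in the config block into its parts."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def find_c2_hits(lines: Iterable[str], c2: str = REPORT_C2) -> List[Tuple[int, str]]:
    """Scan log lines for the C2 host.

    Returns (line_number, kind): 'c2' when host and port appear together,
    'host' when only the address does (same host, another port).  The
    lookarounds stop 145.15.156.97 or 45.15.156.970 counting as the indicator.
    """
    host, port = parse_c2(c2)
    host_re = re.compile(r"(?<![\d.])" + re.escape(host) + r"(?![\d.])")
    c2_re = re.compile(re.escape(host) + r"[:\s]" + str(port) + r"(?!\d)")
    hits: List[Tuple[int, str]] = []
    for number, line in enumerate(lines, start=1):
        if c2_re.search(line):
            hits.append((number, "c2"))
        elif host_re.search(line):
            hits.append((number, "host"))
    return hits


# Constructed proxy/firewall lines for illustration; not taken from the report.
SAMPLE_LOG = [
    "proxy CONNECT 45.15.156.97:8081 src=10.0.0.23",   # full C2 endpoint
    "proxy GET http://145.15.156.97/ src=10.0.0.24",    # different host, shares digits
    "fw allow 10.0.0.23 -> 45.15.156.97 dport=443",     # same host, other port
    "proxy GET http://example.com/ src=10.0.0.25",      # unrelated traffic
]

if __name__ == "__main__":
    for number, kind in find_c2_hits(SAMPLE_LOG):
        print(f"line {number}: {kind} hit -> {SAMPLE_LOG[number - 1]}")
    # Constructed bytes, so no indicator hash will match here.
    print("hash matches on constructed bytes:", match_hashes(b"not the sample"))
```

A 'host' hit on a port other than 8081 is still worth triage: the same address may serve other tasks for the operator, and the report's "legitimate hosting services abused" signature is a reminder that a shared hosting IP can also carry unrelated traffic, so correlate before blocking.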