General
- Target: 56412a0fdda35a4e4eaeee929670575fb9b4e86943395af2b9fdf9bee8f21a56
- Size: 159KB
- Sample: 221231-xj6q6sde5z
- MD5: b3311c6786d107480a823aae3e33fcbd
- SHA1: 7e0cc8e8e650640f81d2365fa1572c9a6084dc47
- SHA256: 4f5e8d2a2f16d331c412ab2ca4f67b1b0c870ce5e50f7ecda417e1f980accba4
- SHA512: 002ef82fa546806e3bd703cbcab4ba12af711cc09aabb6986c09843a14994cfbaafdba2fbf1d3e040eef29aa3b6b892e6d8c6baff27135aa755160f172901437
- SSDEEP: 3072:aeFjuSkJV4uEswxlxewuxYUOTzHdgFZe8V3QRFkS9ukNIcbV1vjO5O2bi:ae1BkTpLwxl8nyvwZee30FrTZ7OI2W

Static task
- static1

Behavioral task
- behavioral1
- Sample: 56412a0fdda35a4e4eaeee929670575fb9b4e86943395af2b9fdf9bee8f21a56.exe
- Resource: win7-20220812-en

Malware Config
- Extracted: aurora
- 45.15.156.97:8081

Targets
- Target: 56412a0fdda35a4e4eaeee929670575fb9b4e86943395af2b9fdf9bee8f21a56
- Size: 262KB
- MD5: 93e241915ccba3e725b401bd8a6710cb
- SHA1: b95c0b3522ab2e987cc13f2e4f91cdb09f0fc675
- SHA256: 56412a0fdda35a4e4eaeee929670575fb9b4e86943395af2b9fdf9bee8f21a56
- SHA512: 6d9036c7da1063b6911d223a802cc24994977888fb36bc459d7b938eabb3f32ad260a98962a7807adec22f972fffdeefc200dc33f382047551b60d6edad5fe5b
- SSDEEP: 3072:spLyjGoqLH7K8Ha13K0R7sVmOTzHdgFZe8V3P3mqw8PByX27hZY:wgYLH7fa5Kz7wZee3P2CPByyZY
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger