General
- Target: 9165bc02f34e98d8bda09da495eb33b985d33b3ffa519a19b82255da98840489
- Size: 159KB
- Sample: 221231-ykc1xsad69
- MD5: 2733c742ca5c870769dc88f053af4412
- SHA1: ebd4015319b8c92f34b5fcfb7352e7048c1a3af2
- SHA256: b94ad368123101b4fa95e7bb443f7048cbbe35dd9c6baed98bd8a6489030d4a0
- SHA512: dd861a11017ef3562dffa5f045f5d7f335eb4c95b6e1a88dda281f206799173007eec945064d892addaf1bfdde70d24a65abd6b4441d0d779f7bffcffcdff29b
- SSDEEP: 3072:75SVjQeeHMz55Wuk5SvsnJ6sB6FuUh2MuN/MO2cYRBpunq2t:7oXbHkAvk7h/MO2FB4nqM
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 9165bc02f34e98d8bda09da495eb33b985d33b3ffa519a19b82255da98840489.exe
- Resource: win7-20220812-en

Malware Config
- Extracted: aurora
- 45.15.156.97:8081
Targets
- Target: 9165bc02f34e98d8bda09da495eb33b985d33b3ffa519a19b82255da98840489
- Size: 261KB
- MD5: b9e274a46b06a02f7687ee5f8279d285
- SHA1: e55513ba62093c70b49171ee2da71453066513c5
- SHA256: 9165bc02f34e98d8bda09da495eb33b985d33b3ffa519a19b82255da98840489
- SHA512: 62a926137252726e2fe34162f4a871268e2f7268671e27cadaea96602fdd46a8ee70b75d268b5c1b21ddb2625e0f446fcb9b33a5727bff532b8782973ea42f6f
- SSDEEP: 3072:tVrsbdH1LfhL6XbBhOMnEzReACaJVxSqnJ6sB6FuUh2MuNGS6CKmqIUAM27hZY:tY3FL6jO+OCaz8pk7hGXCxvUApZY

Signatures
- Detects Smokeloader packer
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger