Overview

overview

10

Static

static

3

ee0695e88b...bf.exe

windows7-x64

10

ee0695e88b...bf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee0695e88b2430ef59373e6638c505a0ad298306e0989c25ea15d4735e90c4bf.bin

  • Size

    326KB

  • Sample

    230501-xrqpxsgf6w

  • MD5

    a32c9253643c7ceb577c01c553c9855e

  • SHA1

    a8e9b863779e156726694ec0a338c408fcb63ea2

  • SHA256

    ee0695e88b2430ef59373e6638c505a0ad298306e0989c25ea15d4735e90c4bf

  • SHA512

    6c08e969ab0d3339c7f06a8f32ad1679cdc827325a249add23e0d7785fdbce6b975acad7329e12b6ab1606c96ef5728411ac674ac52e2532ecb210a8b8af0134

  • SSDEEP

    6144:fauRRJZdymVP+xWeXDxO92kKqj8wa71lz:yujLdymVPWWSD08kKqjMlz

Score
10/10
smokeloadervidar1616034f091df9fd0229bc38dd17597fpub1backdoorstealertrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://potunulit.org/

http://hutnilior.net/

http://bulimu55t.net/

http://soryytlic4.net/

http://novanosa5org.org/

http://nuljjjnuli.org/

http://tolilolihul.net/

http://somatoka51hub.net/

http://hujukui3.net/

http://bukubuka1.net/

http://golilopaster.org/

http://newzelannd66.org/

http://otriluyttn.org/

http://aapu.at/tmp/

http://poudineh.com/tmp/

http://firsttrusteedrx.ru/tmp/

http://kingpirate.ru/tmp/
rc4.i32
rc4.i32
rc4.i32
rc4.i32

Extracted

Family

vidar

Version

3.6

Botnet

1616034f091df9fd0229bc38dd17597f

C2

https://steamcommunity.com/profiles/76561199499188534

https://t.me/nutalse
Attributes
  • profile_id_v2

    1616034f091df9fd0229bc38dd17597f

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36

Extracted

Family

smokeloader

Botnet

pub1

Targets

    • Target

      ee0695e88b2430ef59373e6638c505a0ad298306e0989c25ea15d4735e90c4bf.bin

    • Size

      326KB

    • MD5

      a32c9253643c7ceb577c01c553c9855e

    • SHA1

      a8e9b863779e156726694ec0a338c408fcb63ea2

    • SHA256

      ee0695e88b2430ef59373e6638c505a0ad298306e0989c25ea15d4735e90c4bf

    • SHA512

      6c08e969ab0d3339c7f06a8f32ad1679cdc827325a249add23e0d7785fdbce6b975acad7329e12b6ab1606c96ef5728411ac674ac52e2532ecb210a8b8af0134

    • SSDEEP

      6144:fauRRJZdymVP+xWeXDxO92kKqj8wa71lz:yujLdymVPWWSD08kKqjMlz

    Score
    10/10
    smokeloaderbackdoortrojanvidar1616034f091df9fd0229bc38dd17597fpub1stealer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • Downloads MZ/PE file

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks