General

Target: 32892c7ae24f77af43927612d845043e5138498da8c75b55b0da970031c7088a
Size: 694KB
Sample: 210926-m34e2sega2
MD5: 5ae5a81160cb845f98d9371176375b2e
SHA1: 7e0c2a35911b52178b5bf6206335477af9da557d
SHA256: 32892c7ae24f77af43927612d845043e5138498da8c75b55b0da970031c7088a
SHA512: 1bfa1cc5772284d6b223a410eac9fff09523d097a32134b2ed29a02c4bb602c3ab8a0847ae56b9c97391da66d710352c602b590816cbe590389f7257f001e362

Static task: static1

Behavioral task: behavioral1
Sample: 32892c7ae24f77af43927612d845043e5138498da8c75b55b0da970031c7088a.exe
Resource: win10-en-20210920
Malware Config

Targets

Target: 32892c7ae24f77af43927612d845043e5138498da8c75b55b0da970031c7088a
- Detected Djvu ransomware
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext