General
-
Target
2231160e71faf8674b8efc0cedf3384db3acc5d66f0276c76b18c7cb5f842ce0.exe
-
Size
2.0MB
-
Sample
220923-amrp4agegm
-
MD5
ea9fa7d01bea905b858de54fa01ad7fa
-
SHA1
26115372eb48ee842ac9b9f0737a98dfe21160ed
-
SHA256
2231160e71faf8674b8efc0cedf3384db3acc5d66f0276c76b18c7cb5f842ce0
-
SHA512
a0254d601d3fc31ac8a6de2a05daf2442049a7967667e9fddeeda58e43c3166ede189d91bf1d878d2bb55c6aced3bcc22e8c163981d645c99528b15b4ff8f951
-
SSDEEP
24576:tbTBwmZ33qAioFmymA7mrB6nvBt5v+rpyzzL:F/aPg7KAn5/vapuL
Static task
static1
Behavioral task
behavioral1
Sample
2231160e71faf8674b8efc0cedf3384db3acc5d66f0276c76b18c7cb5f842ce0.exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
54.6
1672
https://t.me/huobiinside
https://mas.to/@kyriazhs1975
-
profile_id
1672
Targets
-
-
Target
2231160e71faf8674b8efc0cedf3384db3acc5d66f0276c76b18c7cb5f842ce0.exe
-
Size
2.0MB
-
MD5
ea9fa7d01bea905b858de54fa01ad7fa
-
SHA1
26115372eb48ee842ac9b9f0737a98dfe21160ed
-
SHA256
2231160e71faf8674b8efc0cedf3384db3acc5d66f0276c76b18c7cb5f842ce0
-
SHA512
a0254d601d3fc31ac8a6de2a05daf2442049a7967667e9fddeeda58e43c3166ede189d91bf1d878d2bb55c6aced3bcc22e8c163981d645c99528b15b4ff8f951
-
SSDEEP
24576:tbTBwmZ33qAioFmymA7mrB6nvBt5v+rpyzzL:F/aPg7KAn5/vapuL
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-