General
Target: file_809457a4bbec4fe9858fb630d22c190a_2022-09-20_18_44_33_590000 (2).zip
Size: 6.3MB
Sample: 220923-v442zaheg3
MD5: 2464a4e83d3a00fce42fe62768cdf4b1
SHA1: 6270b51abecb31cfeb657c0268e0ebdaa79934e6
SHA256: faaac98d010a3ce279f61db1aa7f04de3268115c45260b239053d5a6ebf9e361
SHA512: 790278d070ddd96db7441037de4762c318edeaa8bc7091d80bb099fa1ab7451ec3c25d85d97416d36805c8caaa3c8ecedd14c94639030484b04c35a0fd7bc77b
SSDEEP: 196608:yBzHJdJAK3RDmQxNy6RbykwrwbLJTcLJKaGj/w:2zpdJbRDmsN13ZtYX
Static task: static1
Behavioral task: behavioral1
Sample: entry_1_0/License.msi
Resource: win7-20220812-en

Malware Config
Extracted:
vidar
54.6
915
https://t.me/huobiinside
https://mas.to/@kyriazhs1975
profile_id: 915
Targets
Target: entry_1_0/License.msi
Size: 6.8MB
MD5: afe9813156ea682ae4c6a5621c8f4e68
SHA1: 5c0ffda644dfd0aca61e5f3ad314d295d385ee55
SHA256: cb71e4ee47ae507196198a3afa81a18cb300fe455a487fe2e18c688466670a22
SHA512: 5b7b80d96580c83827761df6daae82de67c6a25daf8fdff123efe72a7b345e7979401b1f21a6f2007407469d58154aaac08bca23d1b79b9692ae572cac10e47e
SSDEEP: 196608:+t9ZFhQ4fLbaCfrEUtdSUS1sPLFPM31KUs9r:+t3Fh3Lba6rvDntW
Executes dropped EXE
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Modifies file permissions
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.