General
- Target: 40178549fa7c3f5d179f0a1fd3e5aae1.exe
- Size: 11.4MB
- Sample: 220926-eryfnaaeem
- MD5: 40178549fa7c3f5d179f0a1fd3e5aae1
- SHA1: 68bdfc13657aa855ed981382eb6e920b86ab7326
- SHA256: 536a39f5ff898717ba9b02b146e0cc11bab0ae6d2cb7e7c6926a92171daadb98
- SHA512: 58f0a0b4221f3a695d55dcf86fd0c45267e65b0d138db63819bfd15dcd63084d92e5fd70f3f6f2bc91dff65206f3dd5ba24aba8a9195770555ea03dfa3a833b9
- SSDEEP: 98304:AL1Z7CmwBC2B3DbVg6sRj5KOKl3OO71WtzMTjt5/fPqrVdbUrjxi1H2TjiulSU89:xx0Z/KvSCt5nu0rZZsQdWg7tGGzG6b
Static task: static1
Behavioral task: behavioral1
- Sample: 40178549fa7c3f5d179f0a1fd3e5aae1.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: vidar
- Version: 54.6
- Botnet: 1680
- C2: https://t.me/huobiinside
- C2: https://mas.to/@kyriazhs1975
- profile_id: 1680
Targets
- Target: 40178549fa7c3f5d179f0a1fd3e5aae1.exe
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext