General
Target: New_Setup_Pass_1234.rar
Size: 6.7MB
Sample: 220926-mf9csabfbm
MD5: 383fbaae3821c885915d8a42a3109778
SHA1: c7e2488f277eb3b2c56eea7d59214f87eeea05ac
SHA256: 0a950e6991ae94e506b6ea863275b757e5a0869356b6b65ca78abfe32d8d8590
SHA512: 1200ac7b126828ecb16ce3e246a2139624ab2df93db8c94c47321c2a4447f51b39c468fba6417443fa6bb7b2c62221711cccecfc76302791e2f52ea7237a5226
SSDEEP: 196608:uhcNpEXhH8A4KWm5lWYt8xtej21jzYlEwpc6S:VNpEXhV2YtkMV9S
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220812-en
Malware Config
Extracted: vidar
  54.6
  1281
  https://t.me/parampampamsss
  profile_id: 1281
Targets
Target: Setup.exe
Size: 374.0MB
MD5: a906a9041c829a40b55e341023c04f74
SHA1: fe40b54fd6e2f1bb7dd48452c9252d00071f4ffe
SHA256: da185d94ba21118507e51c00033d0b8c5e6f984c9ff7ea6e0893419b244c88cb
SHA512: 92c606d50b46d1e0acbfead7b85c8bf61bb12bf2d7f305f79f91c842801318e6b12d4aca082978531c0412caf1f58a3b955b4dd2c64ce5e1251e86d31827418b
SSDEEP: 98304:6XLbo7+rdeI1ZO/Suclc/d+nKem+a4fDUawRM6UDzRqDTaf153sZv:9CJ1k/Clc/kJQCdqDY58F
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.