General
Target: 5040da9e81f49ff64c1ca595e6649c8b6f3288835c70cc67364f3f1ca979d047
Size: 669KB
Sample: 220926-nscd9aafc8
MD5: ddeeba55d352e958d2a505f912f9e9ae
SHA1: d6e5a0e43a17a3de34e9a90ffc988eb34dee9a89
SHA256: 5040da9e81f49ff64c1ca595e6649c8b6f3288835c70cc67364f3f1ca979d047
SHA512: 6d070acb6cdb8916099e7833e7b3d68b83198890f8e69dd00e5004ff95c15086eaed9563aab4b110497b779e8b7a67e372de86da3909f94b495f67dab5914e16
SSDEEP: 6144:VQcBjzNvUBoQ/WeeMeGlsK7Sd7SEmGva9pqPQ1W2wvW7mYiVR:6aobj7MOE9v1ZW7Ti
Static task: static1

Malware Config
Extracted
Family: vidar
Version: 54.6
C2: https://t.me/huobiinside
C2: https://mas.to/@kyriazhs1975
profile_id: 1680
Targets
Target: 5040da9e81f49ff64c1ca595e6649c8b6f3288835c70cc67364f3f1ca979d047 (same file as in General above)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext