General
Target: Pass_1234_Setup.zip
Size: 6.2MB
Sample: 220927-1xf98aefe8
MD5: 4a6a67392fae608893d9f18594b982ea
SHA1: fc620cba80b01a880fc0657f6a1c449caab28df2
SHA256: 0c06d3612ebf8d92e3c1ce4eb9ed3322a043781fd165bb22b19b4f1b8a37209c
SHA512: f699528796ca53974a9ffb814fdfb055f7be3614a01d7badec18606cc6ded33f9833ab28a4b45755a1fc6ca44a4702ba24c001db68227a8762341626fcf2bb21
SSDEEP: 196608:Ugb0LbPtKKhIJV5g7fJhXmBIXewmnFQ3EU9wT:Ugw/srJHg7TXIK7mC79O
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220901-en
Malware Config
Extracted: vidar 54.7 1281
C2: https://t.me/blablblsdfd
profile_id: 1281
Targets
Target: Setup.exe
Size: 382.6MB
MD5: a3f69cbce849082ef0cecfc2cc1b6b6d
SHA1: b91d49947864897591b0be30496885cc5976cb6c
SHA256: 6b852f168baca7a4c954409bd7f1170a3e50f15e48bcd96e8dc802eebb2c740f
SHA512: 4e4b0d2ac2c8b6aa4848b4052294a9645d832fecc98598617e34cc22e117d69bc18e49b5d0ee028b08035f7b9bff288c15bcd8bf245c30be02de406271f2acee
SSDEEP: 98304:iH9Xh2yqUcUFt0A25meRkBDQ0itAg6+Eq13QoUDqCUVawX0BsDv2:EI/ZULJeR6DQ0iy+V13QUCeX0I2
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.