General

Target: Pass_1234_Setup.rar
Size: 5.4MB
Sample: 220930-3x67ragbek
MD5: 20f67f87b1891dc29cb5c5e2cb1fbe00
SHA1: 68aba9a84dda1a6c8286cf38dffc6b51cf14c036
SHA256: 04f647cd46de4e527c3a531aa326dd01ae2e293f25e9abe11672fbf2b6ee9707
SHA512: 3795dd03eb81ac52b7626b1e9aff3cf3100db260c8ddc02486be5dab651bebdf437eeb06b50c2221e2b07d9c35e5d3cdcd93946ac4cd87849ae012d1bfb8a43c
SSDEEP: 98304:zazZ2EeXiL7H6fRQSnSPCJoZ3QyFaAn7XMEIbZRZuB+XcDdhJd19C+f3ELFjb:za1beO6fRPQQMRFl7X9ItR4IXc7ge0xv
Static task
static1

Behavioral task
behavioral1
Sample: Setup.exe
Resource: win7-20220812-en

Malware Config
Extracted
Family: vidar
Version: 54.7
Botnet: 1281
C2: https://t.me/dsjdsnxshjx
Attributes:
profile_id: 1281

The C2 field is a Telegram profile URL, not the collection server itself: Vidar fetches this page and parses the real C2 address out of the profile text, so the t.me link is the stable indicator to block and hunt on, while the live C2 has to be resolved at analysis time and can change without the binary changing.
Targets

Target: Setup.exe
Size: 381.5MB
MD5: c303b9c3cced1c56be6955fbbd83d526
SHA1: 4c0e838417c7ee3c3dcb8888c0615836bc2d27cc
SHA256: dee25a1e59bc24fe042a88108d400e68743597a4f37d73dad17f969667c2c72e
SHA512: 2716c8cca49831de39d84fc64f9fa4dbfbc566f1e1ddcf6ecd72fa54538786be6c9bc42d55e934eeae582b53e0edd871f3f1f98ee17a5553bf0b4130dc43610d
SSDEEP: 98304:SQ3YMB6BzSV9t7FGw2trlRrlzcFwWesAmQYo+xd74zvKLBpMd3VQ8KUs:SQ37LLGvXZBiAsDFpUFQDUs

Note that a 381.5MB executable came out of a 5.4MB archive, so almost all of the file is highly compressible filler. Inflating a dropper like this is a common way to push it past the upload size limits of AV scanners and sandboxes; trim or ignore the padding before feeding the file to tools with size caps.
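The size discrepancy above (a 5.4MB archive expanding to a 381.5MB executable) is the classic fingerprint of an inflated dropper. The following script is an added example, not part of the sandbox report and not the sample itself: it measures the trailing run of identical bytes, the entropy of what remains, and zlib compressibility, which together separate real code from filler. The buffer it analyses is constructed (a random 64KiB body plus 2MiB of zero padding) and the thresholds in looks_inflated are assumptions chosen for this illustration.

```python
"""Measure how much of a file is padding. Added example; the sample buffer
is constructed here, not taken from the Setup.exe in the report."""
import math
import random
import zlib
from typing import Dict, Tuple


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, close to 8.0 for random or packed data."""
    n = len(data)
    if n == 0:
        return 0.0
    ent = 0.0
    for value in range(256):
        count = data.count(value)  # bytes.count accepts an int since Python 3.3
        if count:
            p = count / n
            ent -= p * math.log2(p)
    return ent


def trailing_run(data: bytes) -> Tuple[int, int]:
    """Return (byte value, length) of the run of identical bytes at end of file.
    Padding appended after the PE overlay shows up here as a huge run."""
    if not data:
        return (0, 0)
    last = data[-1:]
    stripped = data.rstrip(last)
    return (last[0], len(data) - len(stripped))


def padding_report(data: bytes) -> Dict[str, float]:
    """Summarise filler: trailing run, entropy of the non-padding body and
    the fraction the whole file shrinks to under zlib (the archive/PE ratio
    in the report is this same measurement done by the packer)."""
    pad_byte, pad_len = trailing_run(data)
    body = data[: len(data) - pad_len]
    compressed = len(zlib.compress(data, 6))
    size = len(data)
    return {
        "size": size,
        "pad_byte": pad_byte,
        "pad_bytes": pad_len,
        "pad_fraction": pad_len / size if size else 0.0,
        "body_entropy": shannon_entropy(body),
        "compressed_fraction": compressed / size if size else 0.0,
    }


def looks_inflated(report: Dict[str, float],
                   min_pad_fraction: float = 0.5,
                   max_compressed_fraction: float = 0.1) -> bool:
    """Assumed thresholds: flag when half the file is one repeated byte, or
    when the file compresses to under a tenth of its size (5.4MB / 381.5MB
    in the report is about 0.014)."""
    return (report["pad_fraction"] >= min_pad_fraction
            or report["compressed_fraction"] <= max_compressed_fraction)


def build_inflated_sample(body_len: int = 64 * 1024,
                          pad_len: int = 2 * 1024 * 1024,
                          seed: int = 1) -> bytes:
    """Constructed stand-in for an inflated PE: 'MZ' plus random bytes as the
    real payload, then pad_len zero bytes as filler. Deterministic via seed."""
    rng = random.Random(seed)
    body = b"MZ" + bytes(rng.getrandbits(8) for _ in range(body_len - 2))
    return body + b"\x00" * pad_len


if __name__ == "__main__":
    for label, blob in (("inflated", build_inflated_sample()),
                        ("plain", build_inflated_sample(pad_len=0))):
        rep = padding_report(blob)
        print(label, {k: round(v, 3) if isinstance(v, float) else v for k, v in rep.items()},
              "inflated" if looks_inflated(rep) else "ok")
```

On a real file, run padding_report over the bytes after the last section or the certificate table rather than the whole image, otherwise a legitimately large resource section can mask the filler; trailing_run is deliberately byte-exact, so a random body that happens to end in 0x00 makes the reported run a few bytes longer than the padding that was appended.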
Signatures

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence. Because the payload may refuse to run for certain locales, the sandbox locale (the en resource used here) is part of what made this run detonate; a differently configured guest may show fewer behaviours.

Deletes itself

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
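The signatures above are behaviour rules that the sandbox evaluates over the API trace of the run. As an added example, not code from the sandbox and not the malware's own logic, here is a small matcher that derives the same five verdicts from a trace. The trace lines, the registry keys checked for the locale and the Uninstall enumeration, the wallet paths, the dropped DLL name and the cmd.exe timeout/del command line are all constructed assumptions about how a stealer of this kind behaves, not data captured from this run; the only rule that needs correlation across lines is "Loads dropped DLL", which requires a file write followed by a load of the same path.

```python
"""Derive the report's behaviour signatures from a simplified API trace.
Added example; the trace below is constructed, not from this sandbox run."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# Assumed path the sample ran from; used to recognise self-deletion.
SAMPLE_PATH = r"C:\Users\Admin\Desktop\Setup.exe"

# Constructed trace in "<API> <args>" form (keys, paths and command line are assumptions).
TRACE = r"""
RegOpenKeyExW HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language
RegQueryValueExW HKEY_CURRENT_USER\Control Panel\International LocaleName
RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall 0
RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall 1
CreateFileW C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco
CreateFileW C:\Users\Admin\AppData\Roaming\Electrum\wallets\default_wallet
CreateFileW C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\notes.lnk
NtWriteFile C:\ProgramData\nss3.dll
LoadLibraryW C:\ProgramData\nss3.dll
LoadLibraryW C:\Windows\System32\kernel32.dll
CreateProcessW C:\Windows\System32\cmd.exe /c timeout /t 5 & del /f /q "C:\Users\Admin\Desktop\Setup.exe"
""".strip().splitlines()

# Signature names match the report; the patterns are assumptions.
GEO_KEYS = re.compile(r"Control Panel\\International|Control\\Nls\\Language", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|\s|$)", re.I)
WALLET_PATHS = re.compile(r"\\Exodus\\|\\Electrum\\|wallet\.dat|\\Ethereum\\keystore", re.I)
DEL_CMD = re.compile(r"\bdel\b", re.I)

REGISTRY_APIS = ("RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW", "RegEnumValueW")
FILE_APIS = ("CreateFileW", "NtCreateFile", "NtOpenFile", "CopyFileW")
WRITE_APIS = ("NtWriteFile", "WriteFile")
LOAD_APIS = ("LoadLibraryW", "LoadLibraryExW", "LdrLoadDll")


def triage(lines: Iterable[str], sample_path: str) -> Dict[str, List[str]]:
    """Map each signature name to the trace lines that triggered it."""
    hits: Dict[str, List[str]] = defaultdict(list)
    written: set = set()          # paths the sample itself wrote (drop candidates)
    sample_lc = sample_path.lower()

    for line in lines:
        line = line.strip()
        if not line or " " not in line:
            continue
        api, args = line.split(" ", 1)

        if api in REGISTRY_APIS and GEO_KEYS.search(args):
            hits["Checks computer location settings"].append(line)
        if api in REGISTRY_APIS and UNINSTALL_KEY.search(args):
            hits["Checks installed software on the system"].append(line)
        if api in FILE_APIS and WALLET_PATHS.search(args):
            hits["Accesses cryptocurrency files/wallets"].append(line)
        if api in WRITE_APIS:
            written.add(args.strip().lower())
        if api in LOAD_APIS and args.strip().lower() in written:
            hits["Loads dropped DLL"].append(line)   # load of a file the sample wrote earlier
        if api == "CreateProcessW" and DEL_CMD.search(args) and sample_lc in args.lower():
            hits["Deletes itself"].append(line)      # child shell told to delete the sample

    return dict(hits)


if __name__ == "__main__":
    for name, lines in triage(TRACE, SAMPLE_PATH).items():
        print(f"{name}: {len(lines)} line(s)")
        for entry in lines:
            print("   ", entry)
```

The ordering dependency in "Loads dropped DLL" is what distinguishes a dropped component from a normal system DLL: kernel32.dll is loaded but never written by the sample, so it is not reported. In a real pipeline feed the matcher the process tree as well, since the deletion command runs in a child cmd.exe rather than in the sample's own process.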