General
Target: Setup.zip
Size: 5.6MB
Sample: 221002-ndx3eacgb2
MD5: ce31048ad3bbb1ba0528fe6b1e902993
SHA1: a68e5be961a626a1a33f3336d09804a4f93d4442
SHA256: db89838f9e60765d4c2fb54ab978e8642034cdcb29a7bb926b21c30e8189ee49
SHA512: 14a7ccd619b1763552a60ab8211341117638789dc58aa8a70918dd5c27fa28ebd2d078be3cdcc9068087f03f79e061db0adada269d9a6ef2d320823b99467cd9
SSDEEP: 98304:eRAnDQ6vgFUSlTBJYpJBCsIH9EoD4Z4gN+4e3P3iCVeRhkkNn9Hj8/:6An1In+JBMq84N+i5Rhk09HC
Static task: static1
Behavioral task: behavioral1 (Sample: Setup.exe, Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: Setup.exe, Resource: win10-20220901-en)
Malware Config
Extracted
Family: vidar
Version: 54.8
Botnet: 1281
C2: https://t.me/dsjdsnxshjx
Attributes
profile_id: 1281
The t.me address is not the C2 host itself. Vidar builds of this generation read the live C2 address from the public description of that Telegram profile, so the URL is a dead-drop resolver and the operator can move the C2 without touching the sample. Block or alert on the t.me profile, but expect the real C2 to be a separate IP or domain that only the profile page reveals.
Targets
Target: Setup.exe
Size: 339.3MB
MD5: b61856ad41a4423ae265efb0b5bad7d5
SHA1: 7700b24a0696aeb1d0b09240adb090dffd52049b
SHA256: 8537f13d073583dfe3ac62f19a80490fe2f60e6701d1a6ad1bf861274d4b7c10
SHA512: db98eace3fb0ed2e1bbdb83b426be80bbe5a067cc20f481d420ecd25779ea8dcd2271cb9b6009d9ea44d78d7d9c541e96b58745c45e009535aee552c817bb056
SSDEEP: 98304:3WRH1yPRGZ5U2koQ2JDh6e9E+t4ZiwNqUejhP+AFu93SXup9Buys:GRHAPRGroLcD3qS4lo+l93bp9Bx
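The report lists a 339.3MB Setup.exe inside a 5.6MB Setup.zip, a ratio of roughly 60:1. That is consistent with the executable being inflated with highly compressible padding, a common trick to push a sample past the upload size limits of sandboxes and AV scanners. The script below is an added example, not part of the sandbox report: it recomputes the four hashes listed above for a file, checks them against the reported values, and estimates how much of a file is padding from its zlib compression ratio and its trailing zero-byte run, so the core can be stripped and hashed on its own. The real sample is not available here, so it runs on a constructed blob (a small pseudo-random core followed by 4 MiB of zeros); the comparison against the reported hashes is therefore expected to fail, and the thresholds `min_ratio` and `min_null_share` are assumed values rather than anything from the report.

```python
"""Hash check and padding estimate for an oversized sample.

Added example; the blob returned by build_constructed_sample() is synthetic
and is not the Setup.exe from the sandbox report.
"""
import hashlib
import random
import zlib

# Hashes of Setup.exe exactly as listed in the report.
REPORTED_SETUP_EXE = {
    "md5": "b61856ad41a4423ae265efb0b5bad7d5",
    "sha1": "7700b24a0696aeb1d0b09240adb090dffd52049b",
    "sha256": "8537f13d073583dfe3ac62f19a80490fe2f60e6701d1a6ad1bf861274d4b7c10",
    "sha512": "db98eace3fb0ed2e1bbdb83b426be80bbe5a067cc20f481d420ecd25779ea8dcd2271cb9b6009d9ea44d78d7d9c541e96b58745c45e009535aee552c817bb056",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> dict:
    """Hex digests of the file under the four algorithms the report uses."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match flags; only algorithms present in `expected` are checked."""
    actual = file_hashes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def trailing_null_run(data: bytes) -> int:
    """Length of the zero-byte run at the end of the file (classic overlay padding)."""
    return len(data) - len(data.rstrip(b"\x00"))


def compression_ratio(data: bytes) -> float:
    """Uncompressed size over zlib-compressed size; real code rarely exceeds ~4."""
    return len(data) / max(1, len(zlib.compress(data, 6)))


def assess_inflation(data: bytes, min_ratio: float = 20.0,
                     min_null_share: float = 0.5) -> dict:
    """Flag a file as padded if it compresses absurdly well or is mostly trailing zeros.

    Both thresholds are assumed for this example, not taken from the report.
    """
    ratio = compression_ratio(data)
    nulls = trailing_null_run(data)
    null_share = nulls / max(1, len(data))
    return {
        "size": len(data),
        "compression_ratio": round(ratio, 1),
        "trailing_nulls": nulls,
        "null_share": round(null_share, 3),
        "inflated": ratio >= min_ratio or null_share >= min_null_share,
    }


def strip_padding(data: bytes) -> bytes:
    """Drop the trailing zero run so the core can be hashed and shared on its own."""
    return data.rstrip(b"\x00")


def build_constructed_sample(core_size: int = 64 * 1024,
                             pad_size: int = 4 * 1024 * 1024) -> bytes:
    """Synthetic stand-in: MZ header, pseudo-random core, non-zero terminator, zero padding."""
    rng = random.Random(1)  # fixed seed so results are reproducible
    core = b"MZ" + bytes(rng.getrandbits(8) for _ in range(core_size)) + b"\xc3"
    return core + b"\x00" * pad_size


if __name__ == "__main__":
    blob = build_constructed_sample()
    print(assess_inflation(blob))
    print(verify_hashes(blob, REPORTED_SETUP_EXE))       # all False: synthetic blob
    print(file_hashes(strip_padding(blob))["sha256"])    # hash of the core alone
```

On a real file, replace `build_constructed_sample()` with `open(path, "rb").read()`; the hash of the stripped core is what is worth sharing with other analysts, since the padded 339MB file will not fit most exchange services and the padding carries no signal.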
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
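The five behavioural signatures above are what the sandbox matched from the run's registry, file and process activity. As an added example (not the sandbox's own signature code), the script below re-implements them as simple rules over a constructed process-monitor style event stream, which makes explicit what each one keys on: the user's Geo\Nation country value for the geofence check, the CurrentVersion\Uninstall key for software enumeration, wallet directory names for the crypto-wallet signature, a LoadImage of a file the same process wrote earlier for "Loads dropped DLL", and a child cmd.exe told to del the parent's own image for self-deletion. The event records, the user path, the Electrum wallet file and the sqlite3.dll drop are invented for the example; the registry paths are real Windows locations.

```python
"""Toy re-implementation of the five behavioural signatures in the report,
run over a constructed event stream. Added example, not the sandbox's own
signature code; the event records below are invented.
"""
import re
from collections import defaultdict

# Signature names exactly as the report lists them.
GEOFENCE = "Checks computer location settings"
SELF_DELETE = "Deletes itself"
DROPPED_DLL = "Loads dropped DLL"
WALLETS = "Accesses cryptocurrency files/wallets"
INSTALLED_SW = "Checks installed software on the system"

# Real registry locations: the user's configured country (Geo\Nation) and the
# install-language values under Nls\Language are what geofence checks read.
GEO_KEYS = re.compile(
    r"\\International\\Geo\\Nation$|\\Control\\Nls\\Language\\", re.I)
# Per-machine and per-user lists of installed programs.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Directory names of common desktop wallets plus Bitcoin Core's wallet.dat.
WALLET_PATHS = re.compile(
    r"\\(Exodus|Electrum|Ethereum|Armory|atomic|Jaxx)\\|\\wallet\.dat$", re.I)


def run_signatures(events):
    """Return {pid: sorted signature names} for the event stream.

    Each event is a dict with pid, image (the process's own exe path), op and
    target (registry path, file path, loaded image path or child command line).
    """
    hits = defaultdict(set)
    written = defaultdict(set)  # pid -> lower-cased paths this process wrote
    for ev in events:
        pid, op, target = ev["pid"], ev["op"], ev["target"]
        if op in ("RegQueryValue", "RegOpenKey") and GEO_KEYS.search(target):
            hits[pid].add(GEOFENCE)
        elif op in ("RegEnumKey", "RegOpenKey") and UNINSTALL_KEY.search(target):
            hits[pid].add(INSTALLED_SW)
        elif op == "FileRead" and WALLET_PATHS.search(target):
            hits[pid].add(WALLETS)
        elif op == "FileWrite":
            written[pid].add(target.lower())
        elif op == "LoadImage" and target.lower() in written[pid]:
            # "Dropped" means this same process wrote the DLL before loading it.
            hits[pid].add(DROPPED_DLL)
        elif op == "ProcessCreate":
            cmd = target.lower()
            # Self-deletion: a child shell is told to del the parent's own image.
            if re.search(r"\bdel\b", cmd) and ev["image"].lower() in cmd:
                hits[pid].add(SELF_DELETE)
    return {pid: sorted(names) for pid, names in hits.items()}


# Constructed events (not from the real run). pid 1234 plays the stealer,
# pid 5678 is a benign explorer.exe that happens to enumerate the same key.
SETUP = r"C:\Users\user\Desktop\Setup.exe"
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    {"pid": 1234, "image": SETUP, "op": "RegQueryValue",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1234, "image": SETUP, "op": "RegEnumKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1234, "image": SETUP, "op": "FileRead",
     "target": r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 1234, "image": SETUP, "op": "FileWrite",
     "target": r"C:\ProgramData\sqlite3.dll"},   # illustrative dropped DLL
    {"pid": 1234, "image": SETUP, "op": "LoadImage",
     "target": r"C:\ProgramData\sqlite3.dll"},
    {"pid": 1234, "image": SETUP, "op": "ProcessCreate",
     "target": r'cmd.exe /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\Setup.exe"'},
    {"pid": 5678, "image": EXPLORER, "op": "RegEnumKey",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 5678, "image": EXPLORER, "op": "LoadImage",
     "target": r"C:\Windows\System32\shell32.dll"},
]

if __name__ == "__main__":
    for pid, names in run_signatures(EVENTS).items():
        print(pid, names)
```

Note that the benign explorer.exe trips the installed-software rule too. On their own, the geofence and Uninstall-key checks are weak indicators that plenty of legitimate installers also produce; what makes this run worth escalating is the combination with wallet-file reads, a self-written DLL being loaded and the self-deleting cmd.exe chain, which is why the report lists the signatures together rather than scoring them individually.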