General

Target: Pass_1234_Setup.rar
Size: 5.7MB
Sample: 221002-tpzm9seah2
MD5: 56c8716bb84007eb68e8a099d910eda1
SHA1: 5995879479c90c8ea3d4e7798c10390d617cc5a4
SHA256: 0b76c40efd1960d44b6618be3e374c455833f56641085c3a2711f663741d31ad
SHA512: 4fd9738fcb867ae9b6328b9430dca0edc5767a85e0250398f31ec15eba59690213adf147351650b0ac85d8cc99c46af8bfbeea6765d7e0c59e9616ef8d629f13
SSDEEP: 98304:L78hjt6fLJjVCnRoB8nQkVao0ovsGeXjauXFG+Ma6d13kR3P9EmIzY3Iq:H8tt6VCnSGQkVL0ovsmuJMTd13kN9Em/
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220901-en
Malware Config

Extracted: vidar
54.8
1281
https://t.me/dsjdsnxshjx
profile_id: 1281
Targets

Target: Setup.exe
Size: 339.3MB
MD5: cf16825cd92905391912cfe570999c35
SHA1: 11ce61d5f6da3941558b2cb4b9fbfa7fbe0d217d
SHA256: 17befb0f4c359897b37dd4672eea23aa8513eccfee11481b88df4e5ec1b0c1a9
SHA512: 349cf8f67db6c343df663446b5524de7083b3a841515c6635f46e7406e4bedd94f931e5c341a9c1b1f2aca6e69bfd2cc2bc2294c340c83c3f0673623f27a7a88
SSDEEP: 98304:PLgMeg5ueCpSAdTIkQ2yOk/TRWUfsRRj+WK+OxNaXQtNyEpM7:yI3CpZTe7TcOsRRtKvxcAXyEY
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.