General
- Target: ec5c095eb8718cc29c586765a7d779fbad1ab2ad21124bda2610200762f32130
- Size: 6.3MB
- Sample: 221005-1hwrcsfga9
- MD5: 46155f0e5175c41f21442e61298560f7
- SHA1: ffd644c2e034229bd06d2e25e3565041ea9984b5
- SHA256: ec5c095eb8718cc29c586765a7d779fbad1ab2ad21124bda2610200762f32130
- SHA512: b078a49defb9b3cea7954cb69a839c17d39ff064573ed79bd8404550d3c0644dfba1da6ba65d7c396443939dd5ae67523985f16c7ba967895623f99a3ef16f71
- SSDEEP: 98304:mKPLFnyzN2vPLgeMYbvvB5j5v1SZzIf9VDCCmVaztNQ1lvrBWyBgakd06:tyYvPLgeMYbvvnSNC9w0zt2Zg4gxm
Malware Config
Extracted: vidar
- 54.9
- 1681
- https://t.me/larsenup
- https://ioc.exchange/@zebra54
- profile_id: 1681
Targets
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.