General
Target: 64c309c362af685c88863ec58a83b70aa417357a7c54ae1da3d02d2b43599b2f
Size: 5.4MB
Sample: 221005-lwchbadhf5
MD5: 935f34add2f37f72d08d38697a690c8d
SHA1: e9eee01cffe74fb72dc62ff25f62326a94a9c1be
SHA256: 64c309c362af685c88863ec58a83b70aa417357a7c54ae1da3d02d2b43599b2f
SHA512: 3d95f5c8b36e220c50fd90c14d0cf53d4c4c7db713168c253bf10377ca40672cc399ab71cb9fcc8069f35bd799c1bee8eac85b5b6c82359d75a1e7a097e38091
SSDEEP: 98304:ZoNJBbQMhDo1RBLk1nt8Fj/iynjrK3WYYesD2srbMP:ZoNJBbQMhDo1RBLk1nt8Fj/iynjrpyw
Malware Config
Extracted: vidar
54.9
1680
https://t.me/larsenup
https://ioc.exchange/@zebra54
profile_id: 1680
Targets
Target: 64c309c362af685c88863ec58a83b70aa417357a7c54ae1da3d02d2b43599b2f
Size: 5.4MB
MD5: 935f34add2f37f72d08d38697a690c8d
SHA1: e9eee01cffe74fb72dc62ff25f62326a94a9c1be
SHA256: 64c309c362af685c88863ec58a83b70aa417357a7c54ae1da3d02d2b43599b2f
SHA512: 3d95f5c8b36e220c50fd90c14d0cf53d4c4c7db713168c253bf10377ca40672cc399ab71cb9fcc8069f35bd799c1bee8eac85b5b6c82359d75a1e7a097e38091
SSDEEP: 98304:ZoNJBbQMhDo1RBLk1nt8Fj/iynjrK3WYYesD2srbMP:ZoNJBbQMhDo1RBLk1nt8Fj/iynjrpyw

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext