General
Target: 583aed113333d3cf3b75fb014b68ab66670f922c24c680272de0223bd8bd930e
Size: 1.3MB
Sample: 221005-vdhfaaehf8
MD5: 67e1f7157ef6028a27701c4118a6c744
SHA1: 107c05af6e53a39592401552471725e425c98617
SHA256: 583aed113333d3cf3b75fb014b68ab66670f922c24c680272de0223bd8bd930e
SHA512: 66262fc3ef5ae88bfc347644c89c6971478e674a4598112fc91ba2b00876a47c2cf6081346cd2f26c2dce79d275ca92a429c8151096622e330df34aafcec627c
SSDEEP: 24576:nZt/KOAncBAD7VMkL8w+iiDvBIidR6i4d5nFLEwvYRKN3nX86Ao4PyX6wc0QYoaC:7/lycBA7VMs8diiDOidwd5FZvYRon/AH
Malware Config
Extracted
Family: vidar
Version: 54.9
Botnet: 1680
C2:
- https://t.me/larsenup
- https://ioc.exchange/@zebra54
Attributes:
- profile_id: 1680
Targets
Target: 583aed113333d3cf3b75fb014b68ab66670f922c24c680272de0223bd8bd930e (size and hashes as listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext