General
Target: 11f9829d6e35d28cdd44e66a30bf6db39d5cbcae88a3743ba4555b89c805b4a4
Size: 1.3MB
Sample: 221011-dzc91scgdq
MD5: 65098ca099cf2871ace5c4439c14e86d
SHA1: 409dd3cf84a2b799c9a2ef90ce8b1daa25bf8fbf
SHA256: 11f9829d6e35d28cdd44e66a30bf6db39d5cbcae88a3743ba4555b89c805b4a4
SHA512: 1242ea2310646835596c0ae5290db2f9722c772e2b306a7aead64dcb6e7394d177718196262a4ec4d52277f08f59e0f358cacad5e62a9c499f720ecb5b0b9b4a
SSDEEP: 24576:JUBwmwMTA+Ya1NuDOvpPkdbBB4bJD4OL3LVocDzO5WxjuaqhKong9uYoaEvW8J+y:JUBwmwMTA+YGuDOhkdNBG94OLpocXZvG
Malware Config
Extracted: vidar
54.9
1680
https://t.me/larsenup
https://ioc.exchange/@zebra54
profile_id: 1680
Targets
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
Suspicious use of SetThreadContext