General
Target: 5b0571f8a88305984bc085c613c36bd12c8ba7539b1429e7302808c228ed89f0
Size: 364KB
Sample: 221014-j6he7sfad9
MD5: 849a5ce45c4c4d6ff905454cb4def6d0
SHA1: e7a108de4f5bc1d4df02a54f7feab3bd7fe07540
SHA256: 5b0571f8a88305984bc085c613c36bd12c8ba7539b1429e7302808c228ed89f0
SHA512: e7d39db1c07c5aabfda5882e745e27fe8e13bc21b3d851428831fe37cc615d67f48fa2d793d93ba3a8eef1e275499eecd6fb7a2d68bfebcbe6818461bd2548de
SSDEEP: 6144:Gr2BjzIgdCCsdNXH/Fopo+CFLbyoSfl8NSoA4XvF1RNhfgs:GMST9GOLmJfl9o9X9Xss
Static task: static1
Malware Config
Extracted: vidar
55
1680
C2:
- https://t.me/truewallets
- https://mas.to/@zara99
- http://116.203.10.3:80
profile_id: 1680
Targets
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext