General
Target: e4e90e1dda4b51d199d449fa936db902.exe
Size: 325KB
Sample: 221019-zapseafhar
MD5: e4e90e1dda4b51d199d449fa936db902
SHA1: 70de6b213f872ba782ba11cad5a5d1294ca9e741
SHA256: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
SHA512: 3958e1c40d69d5439b5e85bdb5765bb38ec5bba24f38a8aafb9a53c167ebaffb5c202441613af3f2d968c9c902de35036f67d87f7777efeb4c66869a7fc3c4ed
SSDEEP: 6144:neleO4eULHur41zAVbWuOcSk5ZVymwi0HUS5XwnQHEfAP+O9l:neleOzU7us1qCu/5PF0HUSyC2/W
Static task: static1
Behavioral task: behavioral1
Sample: e4e90e1dda4b51d199d449fa936db902.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: vidar
Version: 55.1
Botnet: 517
C2: https://t.me/tg_privatetalk
C2: https://nerdculture.de/@yixehi33
profile_id: 517
Targets
Target: e4e90e1dda4b51d199d449fa936db902.exe (the same file as in General; size and hashes are identical)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (rewriting the context of a thread in another process is the usual step in process hollowing and other injection)
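The report gives two kinds of indicator worth operationalising: the file hashes, which identify only this one build, and the two profile URLs from the extracted config, which the stealer contacts before reaching its real C2 and which survive a rebuild far better than a hash. The script below is an added example and is not part of the sandbox report or the malware family's own code; it assumes Squid-style proxy access-log lines (the sample lines are constructed) and matches them against the report's config URLs, treating a CONNECT host:port entry as a weaker "host only" hit because TLS hides the path.

```python
import hashlib
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Indicators copied from this report: file hashes from the General section and
# the two URLs from the extracted Vidar config.
REPORT_HASHES = {
    "md5": "e4e90e1dda4b51d199d449fa936db902",
    "sha1": "70de6b213f872ba782ba11cad5a5d1294ca9e741",
    "sha256": "8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419",
}
CONFIG_URLS = ["https://t.me/tg_privatetalk", "https://nerdculture.de/@yixehi33"]


def hash_matches(data: bytes) -> List[str]:
    """Names of the report hashes that the given file contents match."""
    return [name for name, digest in REPORT_HASHES.items()
            if hashlib.new(name, data).hexdigest() == digest]


def _key(url: str) -> Tuple[str, str]:
    """Scheme-agnostic (host, path) key so http:// and https:// variants compare equal."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path.rstrip("/")


CONFIG_KEYS = {_key(u) for u in CONFIG_URLS}
CONFIG_HOSTS = {host for host, _ in CONFIG_KEYS}

# A full URL, or a host:port token as written in a proxy CONNECT (HTTPS) entry.
_TOKEN = re.compile(r"(https?://\S+|\b[\w.-]+\.[a-z]{2,}:\d{1,5}\b)", re.IGNORECASE)


def classify(line: str) -> Optional[Tuple[str, str]]:
    """("url", token) for an exact config-URL hit, ("host", host) when only the
    hostname is visible (TLS hides the path), None when nothing matches."""
    for tok in _TOKEN.findall(line):
        tok = tok.rstrip("\"'),;")          # drop log quoting around the token
        if tok.lower().startswith("http"):
            host, path = _key(tok)
            if (host, path) in CONFIG_KEYS:
                return ("url", tok)
        else:
            host = tok.rsplit(":", 1)[0].lower()
        if host in CONFIG_HOSTS:
            return ("host", host)
    return None


def scan(lines) -> List[Tuple[int, str, str]]:
    """(line number, hit kind, indicator) for every log line that matches."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = classify(line)
        if hit:
            hits.append((n, hit[0], hit[1]))
    return hits


# Constructed proxy access-log lines for the demo; they are not from the report.
SAMPLE_LOG = [
    "1666180001.100 10.0.0.5 TCP_TUNNEL/200 CONNECT nerdculture.de:443 - HIER_DIRECT",
    "1666180002.200 10.0.0.5 TCP_MISS/200 GET http://nerdculture.de/@yixehi33 - HIER_DIRECT",
    "1666180003.300 10.0.0.7 TCP_MISS/200 GET https://t.me/tg_privatetalk/ - HIER_DIRECT",
    "1666180004.400 10.0.0.9 TCP_MISS/200 GET https://example.com/ - HIER_DIRECT",
]

if __name__ == "__main__":
    for n, kind, indicator in scan(SAMPLE_LOG):
        print(f"line {n}: {kind} hit on {indicator}")
    print("hash matches for constructed bytes:", hash_matches(b"not the sample"))
```

A "url" hit is a direct match on one of the config URLs and should be treated as a sighting of this campaign; a "host" hit only says a client reached t.me or nerdculture.de, which for a public service like Telegram is noisy and needs the path from a TLS-inspecting proxy or endpoint telemetry before it means anything.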