General
- Target: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
- Size: 245KB
- Sample: 221019-zktt4sgcem
- MD5: a31f40217e8040ce00838c9a12d3c719
- SHA1: 9743ad9f955801c191266114f393deb346f6a1ee
- SHA256: f94866eb730506f427a0c554f04ce88fe937313dfa5b10417738fe214ca66a0d
- SHA512: 383f562341e419b2200142363ae41cd89c52fe05e9e2e6841b71cf1383dc18f492dc315eb39f2010fffac1733f63e06279ad7669616cd2944ea29f9ff9d0c471
- SSDEEP: 6144:ufuNT54dWkOcSk5ZJymwiIHUSVXwnQHVVSr:ufu/4dp/53FIHUSuCVVE
- Static task: static1
- Behavioral task: behavioral1
- Sample: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- vidar
- 55.1
- 517
- https://t.me/tg_privatetalk
- https://nerdculture.de/@yixehi33
- profile_id: 517
Targets
- Target: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
- Size: 325KB
- MD5: e4e90e1dda4b51d199d449fa936db902
- SHA1: 70de6b213f872ba782ba11cad5a5d1294ca9e741
- SHA256: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
- SHA512: 3958e1c40d69d5439b5e85bdb5765bb38ec5bba24f38a8aafb9a53c167ebaffb5c202441613af3f2d968c9c902de35036f67d87f7777efeb4c66869a7fc3c4ed
- SSDEEP: 6144:neleO4eULHur41zAVbWuOcSk5ZVymwi0HUS5XwnQHEfAP+O9l:neleOzU7us1qCu/5PF0HUSyC2/W
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext