General
Target: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
Size: 245KB
Sample: 221019-zqjakagecj
MD5: d0a580824fcce7256f6c98032889bdf0
SHA1: 0db8393996712c54d5543eb9478288e8f25a7ba4
SHA256: b38291c5f45ed02c791219437b68c84c79a88d4866b77da5b4b678eb43f977af
SHA512: 93e51591deed7d221adbe29bbd2a40ba4195b86c7c6ae699818e1f1a2f6db7506c7c6a86bc3285fa44a60477d0604dd5a570fff29e9a0ed7ca93a4459edce595
SSDEEP: 6144:vfuNT54dWkOcSk5ZJymwiIHUSVXwnQHVVSi:vfu/4dp/53FIHUSuCVVx
Static task: static1
Behavioral task: behavioral1
Sample: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419.exe
Resource: win7-20220812-en
Malware Config
Extracted
Family: vidar
Version: 55.1
Botnet: 517
C2: https://t.me/tg_privatetalk
C2: https://nerdculture.de/@yixehi33
profile_id: 517
Targets
Target: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
Size: 325KB
MD5: e4e90e1dda4b51d199d449fa936db902
SHA1: 70de6b213f872ba782ba11cad5a5d1294ca9e741
SHA256: 8ecc0426ea37a5c9e59d00b4fde1508175a950372ec3870965f1e527634b3419
SHA512: 3958e1c40d69d5439b5e85bdb5765bb38ec5bba24f38a8aafb9a53c167ebaffb5c202441613af3f2d968c9c902de35036f67d87f7777efeb4c66869a7fc3c4ed
SSDEEP: 6144:neleO4eULHur41zAVbWuOcSk5ZVymwi0HUS5XwnQHEfAP+O9l:neleOzU7us1qCu/5PF0HUSyC2/W

Signatures
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext