General
- Target: 55f3800e536e05133cea50109b8ce1c9.exe
- Size: 3.2MB
- Sample: 221023-wca59abee9
- MD5: 55f3800e536e05133cea50109b8ce1c9
- SHA1: 351626f515978da5b8321eb271f90562b49f0513
- SHA256: f4a1d02651119a52e88580eea25c285ac9921af0ca122650dea8687e8e7623f3
- SHA512: 91de5cb69d9a61d261819a03fddfcacb8ab07f6871d883943062de6cbbb5ecf4298c7fc9a8b30a7056d5213877c9320d54906c7ecaa67718f99a24ced81e46bc
- SSDEEP: 49152:R2n1/Eh7VolUpB39EG/CAfdlcQvP7iAR8xJn:c1m8UphGCZOQV
Static task: static1
Behavioral task: behavioral1
- Sample: 55f3800e536e05133cea50109b8ce1c9.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- Family: vidar
- 55
- 1680
- https://t.me/truewallets
- https://mas.to/@zara99
- http://116.203.10.3:80
- profile_id: 1680
Targets
- Target: 55f3800e536e05133cea50109b8ce1c9.exe
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext