General
Target: e3f46e0867414f00679e5bc53274d3a31f638fa2cdc0741d3b44d43b1eff2dbf
Size: 1.3MB
Sample: 221025-ld8g2acbek
MD5: ad7d67cd7f4e1a7800fe5c7bbe05ddd8
SHA1: 880486310ef5c7022e6d5bb7cf6be19cb697e1d5
SHA256: e3f46e0867414f00679e5bc53274d3a31f638fa2cdc0741d3b44d43b1eff2dbf
SHA512: 6bf8c4d7bae3b6fa224479a15bafee269d86a2e4053a4f888fa7f5b85b9317e8c7f38940811d3a97145b53a91625794d52de18fa2bc0d331d976f52b528c66cf
SSDEEP: 24576:CUrBoqYRYLnRf1MnN4YyStR1gzX5/vwYcyUgJrEzweLNf4:ZrBVxzXxorynJWf4
Static task
static1
Malware Config
Extracted
Family: vidar
Version: 55.2
Botnet: 915
C2: https://t.me/slivetalks
C2: https://c.im/@xinibin420
Attributes
profile_id: 915
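The two C2 entries above are not the stealer's real command-and-control host. Vidar fetches a public Telegram channel page and a Mastodon profile page and reads the current C2 address out of the page text, so these URLs act as dead-drop resolvers and are rotated by the operator. The following is an added hunting example, not part of this sandbox report and not code from the malware: it matches proxy/EDR records against the exact profile URLs from the extracted config rather than the t.me or c.im hosts (both are legitimate services), and raises severity when the requesting process is not a browser. The log line format, the process paths and the browser allow-list are constructed assumptions for illustration.

```python
"""Hunt for contacts to the dead-drop resolver pages from the extracted Vidar config.

Constructed example: the log format, process names and browser allow-list are
assumptions for illustration, not output of the sandbox or of the malware.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Indicators copied verbatim from the report's extracted config.
DEAD_DROP_URLS = (
    "https://t.me/slivetalks",
    "https://c.im/@xinibin420",
)

# Assumption: only browsers are expected to open these public profile pages;
# a stealer reading its C2 from the page will do so from its own process.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

# Constructed proxy/EDR records, one per line: "<image path> <url>".
# The image path may contain spaces; the URL is always the last token.
SAMPLE_LOG = """\
C:\\Users\\u\\AppData\\Local\\Temp\\build.exe https://t.me/slivetalks
C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe https://t.me/slivetalks
C:\\Windows\\System32\\svchost.exe https://update.microsoft.com/
C:\\Users\\u\\AppData\\Roaming\\x.exe https://C.IM/@xinibin420/
C:\\Users\\u\\AppData\\Roaming\\x.exe https://c.im/@someoneelse
"""


@dataclass(frozen=True)
class Hit:
    image: str      # basename of the requesting process
    url: str        # normalized URL that matched an indicator
    severity: str   # "high" for a non-browser process, "low" for a browser


def normalize(url: str) -> str:
    """Lower-case scheme and host and drop a trailing slash so variants still match."""
    p = urlparse(url.strip())
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path.rstrip('/')}"


_INDICATORS = {normalize(u) for u in DEAD_DROP_URLS}


def check_record(image: str, url: str):
    """Return a Hit when the URL is one of the dead-drop pages, else None.

    Matching is on the full profile URL, not on the t.me / c.im host: both are
    legitimate services, and operators rotate channels and accounts.
    """
    norm = normalize(url)
    if norm not in _INDICATORS:
        return None
    exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    severity = "low" if exe in BROWSER_IMAGES else "high"
    return Hit(exe, norm, severity)


def scan(log_text: str):
    """Parse '<image path> <url>' lines and return all hits in log order."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        image, url = line.rsplit(" ", 1)   # the URL never contains a space
        hit = check_record(image, url)
        if hit is not None:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"[{h.severity}] {h.image} -> {h.url}")
```

Because the resolver URLs are rotated, they are short-lived indicators; the version (55.2) and profile_id (915) from the extracted config are the values to pivot on when correlating this sample with others from the same campaign. Do not block t.me or c.im wholesale on the strength of this report.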
Targets
Target: e3f46e0867414f00679e5bc53274d3a31f638fa2cdc0741d3b44d43b1eff2dbf (1.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures
Loads dropped DLL
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext