General
Target: file.exe
Size: 348KB
Sample: 221027-x678hsdcfq
MD5: a9d2515d9de2febd7339b2882c6be83d
SHA1: e8c260dd3c7ef1276b5a3434c1c8907c5653b609
SHA256: 53b9574dfc4abdd1b4ce4a65220e0a202cc4113a0d6dc0301f921dd9000e70fe
SHA512: fc34ea186b14b0b1d59ee4d4c87f8058cec7dcf68eb16592ceb7b11a82bf974b1982516ce17d1acc4e81406e2d44c6accd7c0c0e77772e6ec836dc7cba87dd0a
SSDEEP: 6144:XT4o1txipVXbIR2HZ7Z4JT7N1pnJhKPdi0:X0o1txodbIR+7Z4p7LfhKPdr
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Malware Config
Extracted
vidar
55.3
937
https://t.me/slivetalks
https://c.im/@xinibin420
profile_id: 937
Targets
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.