General
- Target: file.exe
- Size: 348KB
- Sample: 221028-qrtcgsffe2
- MD5: a480984f6dea05271c7af26bdecbdb73
- SHA1: ad0471ebc24fbe40acc8339384ed137e9acd7d49
- SHA256: 71e90c9c40a3a18c3220d7cc3cd62735ef19a47e4f06563e3dc593745ffdb707
- SHA512: 5267814fd35d27aa3d8504f5f6716bcb024ed6f2646f71dd893a7278142d9f1a082c53e3cbc173ac0301a10967779111b7ff0884ed2acab0fa37ee1d23728a63
- SSDEEP: 6144:hZuHxL6T9Lj1DN858YrE/r4wCRsxFSf4WI6aT:hZuHx2pLxB855rEMhwFwIdT
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
Malware Config
Extracted: vidar
- 55.3
- 937
- https://t.me/slivetalks
- https://c.im/@xinibin420
- profile_id: 937
Targets
- Target: file.exe
- Size: 348KB
- MD5: a480984f6dea05271c7af26bdecbdb73
- SHA1: ad0471ebc24fbe40acc8339384ed137e9acd7d49
- SHA256: 71e90c9c40a3a18c3220d7cc3cd62735ef19a47e4f06563e3dc593745ffdb707
- SHA512: 5267814fd35d27aa3d8504f5f6716bcb024ed6f2646f71dd893a7278142d9f1a082c53e3cbc173ac0301a10967779111b7ff0884ed2acab0fa37ee1d23728a63
- SSDEEP: 6144:hZuHxL6T9Lj1DN858YrE/r4wCRsxFSf4WI6aT:hZuHx2pLxB855rEMhwFwIdT
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.