General
- Target: 9ef5e9112b6f46e3aa83394ab5cb5d7a160b80cbe31c1b179d11c6d1b17d782d
- Size: 349KB
- Sample: 221030-cem32sgah3
- MD5: 322e56c0800806f7b0c22a29b9621cc3
- SHA1: 09a9a0eaec8facaed1d2d8f82990fa154e80a470
- SHA256: 9ef5e9112b6f46e3aa83394ab5cb5d7a160b80cbe31c1b179d11c6d1b17d782d
- SHA512: e882375c48ee3305f0afcebee7933a76c8017e670e6e76b1b8286b7357d17d39ae0dce1020c8358fae5de71591294a44e2457034181bdd860f30579615db204f
- SSDEEP: 6144:MoyBdKL41FCkJdCKr3S9eFpAGKZt55VfqBk1oYhM8uOiopMbrYB:MPB8M1FCkd3S9e4jZtxqauYW8/iRY

Static task
- static1

Malware Config (Extracted)
- Family: vidar
- Version: 55.3
- Botnet: 937
- C2:
  - https://t.me/slivetalks
  - https://c.im/@xinibin420
- Attributes:
  - profile_id: 937

Targets
- Target: 9ef5e9112b6f46e3aa83394ab5cb5d7a160b80cbe31c1b179d11c6d1b17d782d
- Size: 349KB
- MD5: 322e56c0800806f7b0c22a29b9621cc3
- SHA1: 09a9a0eaec8facaed1d2d8f82990fa154e80a470
- SHA256: 9ef5e9112b6f46e3aa83394ab5cb5d7a160b80cbe31c1b179d11c6d1b17d782d
- SHA512: e882375c48ee3305f0afcebee7933a76c8017e670e6e76b1b8286b7357d17d39ae0dce1020c8358fae5de71591294a44e2457034181bdd860f30579615db204f
- SSDEEP: 6144:MoyBdKL41FCkJdCKr3S9eFpAGKZt55VfqBk1oYhM8uOiopMbrYB:MPB8M1FCkd3S9e4jZtxqauYW8/iRY

Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.