General
Target: Full_Setup_1234_Pass.rar
Size: 8.1MB
Sample: 221105-17ybgsaad8
MD5: 188b96873c9617775e922007bb8d2fd0
SHA1: c646f36ff34618cd37dcaab1665c33236555c374
SHA256: 0e0ee13b0ab4e04f36898600ae7c5d7879fb0fe6987945ab9f9fe16bcc55f00f
SHA512: e041db923a4646fffacf6d4f635a9c59b273e591d890468d71a7336731fa1418a2af1d7870007f86f6177703f2da1db5ccd16d18af299cae620af2f811b01482
SSDEEP: 196608:GLd4rl/dI63mXRJtwmoJfg2/SGNGo0R1LrQg1w:GJ8NdI4CtwmoO26SGVBr9w
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220812-en

Malware Config
Extracted:
vidar
55.5
1707
https://t.me/tg_turgay
https://ioc.exchange/@xiteb15011
profile_id: 1707
Targets
Target: Setup.exe
Size: 384.8MB
MD5: a2640fdc16ef5d0c2ef6e4522acb8d09
SHA1: 1b3826a6b3902b9196f44674198e4dd14b61b173
SHA256: aac11f66a2c01d8148dac4b1b8ce5a8949bf3bb89d4f9ebc31ea5f305f66a273
SHA512: cf928e1cb1608d6eabb6bd527c18a251b2cc452896d9b5ddef27703a92ad7aa5e9778837a77b46a53dc95832a334a795c040864b286407cae945d74579aa7432
SSDEEP: 196608:DsAIJgne0xMOEkC14KqFaitT9AMeptlkYdi+dO2o:DAJgnpjEtqFlpAMMqYIM

Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.