General

Target: Setup_File_1234_Pass.rar
Size: 7.2MB
Sample: 221107-yyb1sahhfp
MD5: d6c9bc4d022da1753855c8846c643789
SHA1: 134ce8e2c6a07d96bdbda6bd55ba4dc13b7ca6c6
SHA256: fe921cf2f70cd58c368557e92bb70a35f04f29f7c770adbafd252278c508947d
SHA512: ca302ceea90f7e404da9557ce8877c67b7f2abb5b3a4f75a2038e48c7d5435c42a953c96f391c4c57d8474b6b1dfde9fc0b841cc3f17afd7b3f3a63f16b417bb
SSDEEP: 196608:+4gRYG0KqQ0fn+SqTbd0kxdNLtxoiCXHd:+jGGcQTRxTbNwd
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20220901-en

Malware Config

Extracted
Family: vidar
Version: 55.6
Botnet: 1707
C2: https://t.me/seclab_new
C2: https://mas.to/@ofadex
profile_id: 1707

The two URLs are not the C2 server itself. Vidar reads its current C2 address from the profile text of a Telegram channel and a Mastodon account (dead-drop resolvers), so the operator can rotate the real server without rebuilding the sample. For blocking and hunting, treat these two profiles as the network indicator: outbound requests to them from a process that is not a browser are the first observable step of the infection.
Targets

Target: Setup.exe
Size: 388.6MB
MD5: dabb9fa2bc0fecc74ad2ac258d522728
SHA1: 3931aae8cdd09f887c9b46626cd2567e013a810e
SHA256: 3d6a042531eab580edcae295e760b7420052ab2b3ad0d9642605dcc54c5343b2
SHA512: d8335860e6c128c749b41bbd4a17de0f50f70cb8dcc3c7b5902160b24ac5e1b201f9bc71c434d66e152b67c0dff7d52c627062cd18751b7f26152f63a756b0ef
SSDEEP: 196608:mrzrFSPl2sJX6a5FNabRfYSy50sGw8gPjAQSJ6IQ0aXA8lg2:yFGl5Kas9Fy9vcQ0z89

A 388.6MB executable that compresses into a 7.2MB archive is mostly filler: stealers are routinely padded with junk bytes so the file exceeds the upload size limits of AV engines and sandboxes. The hashes above are of the padded file as extracted, so hash the file exactly as delivered when matching against them, and expect static-analysis tooling to need the padding stripped before it will process the binary.
Signatures

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence so the sample does not run in locales the operator wants to avoid.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
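The signature names above are the only thing the report gives; the following is an added example (the editor's, not Triage's signature engine and not code from the sample) of how the same five behaviours can be flagged in a process API trace. The trace records are constructed to resemble a sandbox API log, and the registry paths it keys on (HKCU\Control Panel\International\Geo\Nation for the country code, the CurrentVersion\Uninstall hives for installed software), the wallet directory list and the cmd.exe "del" self-deletion pattern are assumptions of the example, not facts stated by the report.

```python
r"""Flag the report's behavioural signatures in a sandbox-style API trace.

Added example, not code from the report or the sample. The registry paths,
wallet directories and self-delete pattern are assumptions of this example.
"""
import json
import re
from collections import defaultdict

# Registry operations that count as "looking up" a key or value.
REG_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}
# Per-user value holding the configured country (GeoID); assumed to be what
# the "checks computer location settings" signature keys on.
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"
# Both the native and the WOW6432Node Uninstall hives contain this fragment.
UNINSTALL_MARK = r"\currentversion\uninstall"
# Wallet data directories under %APPDATA%; an assumed, non-exhaustive list.
WALLET_RE = re.compile(
    r"\\AppData\\Roaming\\(Exodus|Electrum|Ethereum|Bitcoin|Armory|Jaxx)\\", re.I)

# Constructed trace (JSON lines), not captured from the sample. Backslashes are
# doubled because each line is JSON; the raw string keeps them intact.
SAMPLE_TRACE = r'''
{"pid": 1888, "image": "C:\\Users\\Admin\\Desktop\\Setup.exe", "op": "RegQueryValue", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 1888, "image": "C:\\Users\\Admin\\Desktop\\Setup.exe", "op": "RegEnumKey", "path": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 1888, "image": "C:\\Users\\Admin\\Desktop\\Setup.exe", "op": "RegEnumKey", "path": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 1888, "image": "C:\\Users\\Admin\\Desktop\\Setup.exe", "op": "WriteFile", "path": "C:\\ProgramData\\sqlite3.dll"}
{"pid": 1888, "image": "C:\\Users\\Admin\\Desktop\\Setup.exe", "op": "LoadLibrary", "path": "C:\\ProgramData\\sqlite3.dll"}
{"pid": 1888, "image": "C:\\Users\\Admin\\Desktop\\Setup.exe", "op": "LoadLibrary", "path": "C:\\Windows\\System32\\ws2_32.dll"}
{"pid": 1888, "image": "C:\\Users\\Admin\\Desktop\\Setup.exe", "op": "ReadFile", "path": "C:\\Users\\Admin\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"}
{"pid": 1888, "image": "C:\\Users\\Admin\\Desktop\\Setup.exe", "op": "ReadFile", "path": "C:\\Users\\Admin\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"}
{"pid": 1888, "image": "C:\\Users\\Admin\\Desktop\\Setup.exe", "op": "CreateProcess", "cmdline": "C:\\Windows\\System32\\cmd.exe /c timeout /t 5 & del /f /q \"C:\\Users\\Admin\\Desktop\\Setup.exe\""}
{"pid": 2400, "image": "C:\\Windows\\explorer.exe", "op": "RegQueryValue", "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"}
'''


def parse_trace(text):
    """Parse JSON-lines trace text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(events):
    """Map each matched signature name (as used in the report) to its evidence.

    The "Loads dropped DLL" rule is stateful: a LoadLibrary only counts if the
    same process wrote that file earlier in the trace.
    """
    hits = defaultdict(list)
    written = defaultdict(set)  # pid -> lower-cased paths the process has written
    for ev in events:
        op = ev.get("op")
        path = ev.get("path", "")
        low = path.lower()
        if op in REG_OPS and low.endswith(GEO_KEY_SUFFIX):
            hits["Checks computer location settings"].append(path)
        if op in REG_OPS and UNINSTALL_MARK in low:
            hits["Checks installed software on the system"].append(path)
        if op == "WriteFile":
            written[ev["pid"]].add(low)
        if op == "LoadLibrary" and low in written[ev["pid"]]:
            hits["Loads dropped DLL"].append(path)
        if op == "ReadFile" and WALLET_RE.search(path):
            hits["Accesses cryptocurrency files/wallets"].append(path)
        if op == "CreateProcess":
            cmd = ev.get("cmdline", "")
            # Assumed self-delete pattern: a child shell told to "del" the parent's own image.
            if re.search(r"\bdel\b", cmd, re.I) and ev["image"].lower() in cmd.lower():
                hits["Deletes itself"].append(cmd)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in classify(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

Running it against the constructed trace reports all five signatures for pid 1888 and nothing for the explorer.exe noise event; the Uninstall rule fires twice because the sample walks both the native and the WOW6432Node hive, which is the pattern to look for in real traces (a single lookup of one Uninstall subkey is normal installer behaviour, a full enumeration of both hives early in process life is not).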