General
Target: file.exe
Size: 301KB
Sample: 221109-tt9c9sacc4
MD5: 9964dec7f63403963374ebae4ba27e44
SHA1: 51c8d242bbbc34b9d0135bcdaa53b5e78449b73d
SHA256: 0b98114cfbe3e32c681ebb5a4a867391da2d235b771227af97f46825b95de3f2
SHA512: 41cc95c052b85997c47cceaa0665788607b577005e93ae08b48b54d10a3ead190f56219238d3579e45ce18601220474f8e860ad8efb1d22c475070d79c202937
SSDEEP: 6144:LULLZmLoTDBbi+HYAfLrCnMvIX5t+9PIe1v3x1m:QsLoTDBbvLsCut+S
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en

Malware Config
Extracted: vidar
55.6
517
https://t.me/seclab_new
https://mas.to/@ofadex
profile_id: 517
Targets
Target: file.exe
Signatures
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext