General
-
Target
Software_Yuki.zip
-
Size
1.4MB
-
Sample
221111-qwhfsafg62
-
MD5
d8edde8e242fe61b58265c6a326ea435
-
SHA1
d8c50123a7d8bae21fbf1a826a06f6534f00039f
-
SHA256
19857840331c8cc15dca34f5ad42c9d413cedfa307707d9c3764f2e7b43fc500
-
SHA512
23a1ba690541d4d976407a120fe65cf9525409a1590750cfec821e41669d657fd56d89b2fac33f15dc93715d3477b467a5db0081159252038c0e3c3b348ff687
-
SSDEEP
24576:FAFUwIND8EcBD1YjTqnw4UFlxYYitUEoiIlPchl4itVnjLWibSm0Mus:FOai0jGSwzslPYl/uAz0fs
Static task
static1
Behavioral task
behavioral1
Sample
Software Yuki/Set_Yuki_x64.exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
55.6
1325
https://t.me/seclab_new
https://koyu.space/@ofade
-
profile_id
1325
Targets
-
-
Target
Software Yuki/Set_Yuki_x64.exe
-
Size
686.6MB
-
MD5
3086921f1e7c9f7156ccbc08c9fa25a2
-
SHA1
80e78e6e4a9427729c977e30ee2cc84813542092
-
SHA256
2e2495ef2e8166ecf1015d54972ad676cf3deb5b8b0f32f434dfda48205b87ab
-
SHA512
81e2a221f6070bc255d53e3c4d09b6c681810d977d2d86e6f0f6758f59664bd5e158c3367b6b5ef2232c3f3f7016a02e18069ce06fd7c34817a8020e9ecac622
-
SSDEEP
24576:uv66t3q/zhIYCpnviF18f5xn/T8BlnpvgSHhD:JsqlRuxn/T8j6s
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-