General
Target: file.exe
Size: 399KB
Sample: 221114-sy6x9sgf6t
MD5: 107fe0abad964dfdf1045cd8f7524679
SHA1: b1fe25b56e6041871c3e901c4aa4f73ad26e8e61
SHA256: e58392645053aec0b085aef877aa4692d5253f51535798ba18d7b7165d73390f
SHA512: a59acd4d89550f0f7c1b65a5cbbf535bf15d121dd253a1638ff0324348aa63b6c7d90bdac4a5184e5aa0341f28df4db69084854d443d07266cb13e98ecc88c26
SSDEEP: 6144:wTtwLnvOhl+5viEvbo60CrApOFBcVIOkA6UEn2E1a:wT6LvOhSiETozCEpOF+Hk9UUv
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en
Malware Config
Extracted: vidar
55.6
937
https://t.me/seclab_new
https://raw.githubusercontent.com/sebekeloytfu/simple-bash-scripts/master/calculator.sh
profile_id: 937
Targets
Target: file.exe (399KB; same hashes as listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2