General

Target: 2631ab16a328fb1e677dfffbebe122cf9b96540df841edcac6a5a20bd54d6214
Size: 388KB
Sample: 221114-y3cg4sdd57
MD5: 8b401fc82a41458872b2e5345600f46f
SHA1: 61bcf479e850a0cacc646529a3ec919968379a75
SHA256: 2631ab16a328fb1e677dfffbebe122cf9b96540df841edcac6a5a20bd54d6214
SHA512: ee5652cfba1b32bd9baff0ce09d5396a38b44e4b8443d49c0fcbce897399704a05fc202aae19d3090f9164ff45bfa342cbab666a5cd13f0bd5e86d066e4a14bd
SSDEEP: 6144:5Mx/LlyOtKoouRLpLlVGgr67nLkBKZjPiE8xPHcsfEndTQ:5M95yOt1o8VlVtr606KpPrfUdT

Static task: static1

Malware Config

Extracted: vidar
55.7
517
https://t.me/deadftx
https://www.ultimate-guitar.com/u/smbfupkuhrgc1
profile_id: 517
Targets

Target: 2631ab16a328fb1e677dfffbebe122cf9b96540df841edcac6a5a20bd54d6214
Size: 388KB
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext