General
-
Target
library_4.exe
-
Size
4.4MB
-
Sample
221115-lw7cpacc9t
-
MD5
0434daf122314a1065ba9eeff2f97907
-
SHA1
891cf86f87c284b8fbb643146e1c1bd4d7063a3e
-
SHA256
7404cb25819f535125e6c4a213d348d077add914be4620b58ba50d364b538ea6
-
SHA512
c7bc3b621d99dcf18ecdce5a847c74373c9dbfe3ece5c5ce7519671495afbe8630489fdd87697ddcc5e1b48825ef21e0bb7fb0828bc271f957ff3298c57cf8de
-
SSDEEP
98304:euIuKmii7S7GAhsD5YBZXI8n3bU7QjZ1SWA6K3ggehHaCj:xIi7S7GAhuYDXI0U7o134u
Behavioral task
behavioral1
Sample
library_4.exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
55.7
1707
https://t.me/deadftx
https://www.ultimate-guitar.com/u/smbfupkuhrgc1
-
profile_id
1707
Targets
-
-
Target
library_4.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-