General
-
Target
f4a2a8a7d1d2c7b26f4e54ca2612f71a.exe
-
Size
1.2MB
-
Sample
221116-k9lgpsdh5x
-
MD5
f4a2a8a7d1d2c7b26f4e54ca2612f71a
-
SHA1
744fadee7a1e67bee2cf1a534a63483ab1d2e3f8
-
SHA256
9d5670638fac6e9e5670cd6985894e9b2fcf1fb334973e5e3424fb246f835e11
-
SHA512
4432c4f8cdfb4b36eb7f6b8794348bce1ecc06709ceb2a804998b1685d22f5f539134dc6e1df95b9834390a06ff8eb804f5bbd517522e6f4b0afa7374a4cd9c5
-
SSDEEP
24576:QolGO8/6YpXCGf+SK/ftRnMh9+bTLWdaVom4v7FM:Q0GL6YpZmSat5LWdNhM
Malware Config
Extracted
systembc
89.22.225.242:4193
195.2.93.22:4193
Extracted
vidar
55.7
1754
https://t.me/deadftx
https://www.ultimate-guitar.com/u/smbfupkuhrgc1
-
profile_id
1754
Targets
-
-
Target
f4a2a8a7d1d2c7b26f4e54ca2612f71a.exe
-
Size
1.2MB
-
MD5
f4a2a8a7d1d2c7b26f4e54ca2612f71a
-
SHA1
744fadee7a1e67bee2cf1a534a63483ab1d2e3f8
-
SHA256
9d5670638fac6e9e5670cd6985894e9b2fcf1fb334973e5e3424fb246f835e11
-
SHA512
4432c4f8cdfb4b36eb7f6b8794348bce1ecc06709ceb2a804998b1685d22f5f539134dc6e1df95b9834390a06ff8eb804f5bbd517522e6f4b0afa7374a4cd9c5
-
SSDEEP
24576:QolGO8/6YpXCGf+SK/ftRnMh9+bTLWdaVom4v7FM:Q0GL6YpZmSat5LWdNhM
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-