General
Target: Set_up_Yuki_x64_bit.exe
Size: 2.4MB
Sample: 221116-wr6kpscc72
MD5: 715762e2c5e6f330e375f900bf37250b
SHA1: 4ff0aa59b204982a146bf282a77f1919233d72b5
SHA256: 2abdb6ee06f2e7eea7cce7258e665a92f1b4cb825c4635096da785e2eb1de377
SHA512: 993b8cae22da78d98d84508c77926ddc558f8e5f56109933fb04620825cb8dba8b4622ea8fadcb15263f10dfa4152054314ce4fb553511b8175ab5df3a3cf02c
SSDEEP: 24576:puT+E/uX1eJzBECjwnnzCBQaPPPg6FRB6nyNP6kVU+UW40:e+8BECjwnzCBQaZx6nyNPLU+UF0
Static task: static1
Behavioral task: behavioral1
Sample: Set_up_Yuki_x64_bit.exe
Resource: win7-20221111-en
Malware Config
Extracted
vidar
55.7
1325
https://t.me/deadftx
https://www.ultimate-guitar.com/u/smbfupkuhrgc1
profile_id: 1325
Targets
Target: Set_up_Yuki_x64_bit.exe
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2