General
Target: Software by Yuki.rar
Size: 869KB
Sample: 221116-yqdjmsgf8s
MD5: 245eaf35b12979b5064db6ac2488b0c1
SHA1: f3fbd989bfd25fa76cc77f6643b5835a295d4e1c
SHA256: a29e0591b394937ffcf1c020eccbd3e17546d09cd143896ef23f0cca3e65eaf7
SHA512: 574ca1206d828a7c5333c317d78cbbc152e680b275fdc0b052faf994dcbcac79ab10debf037f6ce24daf6146466ff86884932da1ffdf20d347c6268b33cf690c
SSDEEP: 24576:QZCevsBvQHg+hxGfi0X4gWCPBAS9OCX4nswgxZ+tE4s:QtHg+hxsXrOc4ns7cEZ

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: Software by Yuki/Set_up_Yuki_x64_bit.exe
Resource: win7-20221111-en
Malware Config
Extracted
Family: vidar
Version: 55.7
profile_id: 1325
C2:
- https://t.me/deadftx
- https://www.ultimate-guitar.com/u/smbfupkuhrgc1
Targets
Target: Software by Yuki/Set_up_Yuki_x64_bit.exe
Size: 686.4MB
MD5: e2524e747f7a208b556eb539d00f6bc3
SHA1: c353f75406a8643085e1590d76fc81f4c9d051ef
SHA256: 0bbfad12bc7ed3664ffd4ac968b793a379da2dbc6f8496039ec21c00c8ab3102
SHA512: 73eae8c6ecadee77d6c6f940de13ce268dbb5c18a83f2abee8df46f56dd68f88c7b8ea9e6ef48ac41e7e56ec66feea09bdb4b289a8425e8238ab9fff2ea3e308
SSDEEP: 24576:puT+E/uX1eJzBECjwnnzCBQaPPPg6FRB6nyNP6kVU+UW40:e+8BECjwnzCBQaZx6nyNPLU+UF0
Signatures
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
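The signatures above are behaviour tags, not the raw events that triggered them. The following added example (not part of this report, the sandbox, or the Vidar sample itself) shows how a practitioner would map Procmon-style registry, file and process events back onto those tags, flag the extracted C2 URLs as dead-drop resolvers hosted on legitimate services, and quantify one more point the report's own numbers support: an 869KB archive unpacking to a 686.4MB executable is roughly an 800:1 ratio, which means the PE is almost entirely filler. The registry paths, wallet file paths, the temp-directory rule and the legitimate-host list are assumptions chosen to illustrate each tag; the sample events are constructed, not captured from the run.

```python
"""Map sandbox-style events onto the behaviour tags shown in the report.

Added example; not code from the Triage report, the sandbox, or the sample.
Every path, host and rule below is an illustrative assumption.
"""
import re
from urllib.parse import urlparse

# tag -> list of (operation regex, path regex). Paths are assumptions:
# the report only states that the sample reads the configured country
# code and enumerates the Uninstall key.
BEHAVIOUR_RULES = {
    "Checks computer location settings": [
        (r"^RegQueryValue$", r"\\Control Panel\\International\\Geo\\Nation$"),
    ],
    "Checks installed software on the system": [
        (r"^Reg(EnumKey|OpenKey|QueryValue)$",
         r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)"),
    ],
    "Accesses cryptocurrency files/wallets": [
        (r"^(CreateFile|ReadFile)$",
         r"\\(Electrum\\wallets|Exodus\\exodus\.wallet|Ethereum\\keystore)(\\|$)"),
    ],
    "Executes dropped EXE": [
        (r"^Process Create$", r"\\AppData\\Local\\Temp\\.*\.exe$"),
    ],
}
COMPILED = {
    tag: [(re.compile(op, re.I), re.compile(path, re.I)) for op, path in rules]
    for tag, rules in BEHAVIOUR_RULES.items()
}


def classify_events(events):
    """events: iterable of (operation, path). Returns {tag: [matching paths]}."""
    hits = {}
    for op, path in events:
        for tag, rules in COMPILED.items():
            if any(o.search(op) and p.search(path) for o, p in rules):
                hits.setdefault(tag, []).append(path)
    return hits


# Legitimate platforms commonly used as dead-drop resolvers: the profile or
# channel page carries the real C2 address. Illustrative list, not exhaustive.
LEGIT_DEAD_DROP_HOSTS = {
    "t.me", "telegram.me", "steamcommunity.com",
    "ultimate-guitar.com", "www.ultimate-guitar.com",
}


def dead_drop_urls(urls):
    """Return config URLs whose host is a legitimate service rather than attacker infrastructure."""
    return [u for u in urls if urlparse(u).hostname in LEGIT_DEAD_DROP_HOSTS]


def padding_ratio(compressed_bytes, uncompressed_bytes):
    """On-disk size over archive size; a value in the hundreds means the PE is mostly filler."""
    return uncompressed_bytes / compressed_bytes


# Constructed sample events (not captured from the real sandbox run).
SAMPLE_EVENTS = [
    ("RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    ("RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    ("CreateFile", r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("CreateFile", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini"),  # benign, no tag
    ("Process Create", r"C:\Users\user\AppData\Local\Temp\svchost32.exe"),
]
# The two C2 URLs from the extracted config above.
CONFIG_URLS = ["https://t.me/deadftx", "https://www.ultimate-guitar.com/u/smbfupkuhrgc1"]

if __name__ == "__main__":
    for tag, paths in classify_events(SAMPLE_EVENTS).items():
        print(f"{tag}: {len(paths)} event(s)")
    print("dead-drop URLs:", dead_drop_urls(CONFIG_URLS))
    # 869KB archive vs 686.4MB executable, both from the report.
    print("inflation ratio: %.0fx" % padding_ratio(869 * 1024, int(686.4 * 1024 * 1024)))
```

The same rule table can be fed a real Procmon CSV export by reading the Operation and Path columns; the ratio check is worth running on any dropped binary whose size is out of proportion to its container, since oversized padding is typically there to push the file past AV and sandbox upload limits.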