General
-
Target
Setup.exe.7z
-
Size
343KB
-
Sample
221123-le5grsbb66
-
MD5
2f62e3867adf91bd0bd4051a4c346bcb
-
SHA1
fe7d0812f0e41f6e1588b3367c00341ba82a0357
-
SHA256
16bcd1e33bb05108b76f8ea31011d4a2d297dbcce37f6fb2a3c3347ab7190a51
-
SHA512
4fc87bee52af8fc247e788c7dbd17933a9ccb9a076d54dc53f95c74822c4d04c18e3aa22a525320027030af39433f007e4470fdecb226a84789b83cd5342c76d
-
SSDEEP
6144:KRJi+ttc88iCJtGCjygXtZ8fz6luL33+dfkGCn+kdD2crjxFYPag06ty:2JiytmrNRXt+wfM+kl2bag06ty
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win10-20220812-en
Malware Config
Extracted
vidar
55.7
1375
https://t.me/deadftx
https://www.tiktok.com/@user6068972597711
-
profile_id
1375
Targets
-
-
Target
Setup.exe
-
Size
761.7MB
-
MD5
f0debc46a47f40bbffbf8d563973a0f5
-
SHA1
62182857b58cddee7903f66710ed0d7827e0d35d
-
SHA256
85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb
-
SHA512
7587e0313edcadd91c1c75d2737fa31cee2498dc85a371d291af8d11f883808acab4bcf96d6062eae15f1f75eb346ca5cfed4cf1dfbbcb89d5cb10ee0392c8f9
-
SSDEEP
12288:rzVtFFIkfyPV9VRrjCR5TJmkuSiD63cZ23:vbIkg9HUz/iD6sZI
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-