General
-
Target
Setup.exe
-
Size
761.7MB
-
Sample
221123-lj5ckabe83
-
MD5
f0debc46a47f40bbffbf8d563973a0f5
-
SHA1
62182857b58cddee7903f66710ed0d7827e0d35d
-
SHA256
85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb
-
SHA512
7587e0313edcadd91c1c75d2737fa31cee2498dc85a371d291af8d11f883808acab4bcf96d6062eae15f1f75eb346ca5cfed4cf1dfbbcb89d5cb10ee0392c8f9
-
SSDEEP
12288:rzVtFFIkfyPV9VRrjCR5TJmkuSiD63cZ23:vbIkg9HUz/iD6sZI
Static task
static1
Behavioral task
behavioral1
Sample
Setup.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Setup.exe
Resource
win10-20220812-en
Malware Config
Extracted
vidar
55.7
1375
https://t.me/deadftx
https://www.tiktok.com/@user6068972597711
-
profile_id
1375
Targets
-
-
Target
Setup.exe
-
Size
761.7MB
-
MD5
f0debc46a47f40bbffbf8d563973a0f5
-
SHA1
62182857b58cddee7903f66710ed0d7827e0d35d
-
SHA256
85dee32ceb240f5e255ea6c0aaa516965ebee42072d52373156e1b605d80b7cb
-
SHA512
7587e0313edcadd91c1c75d2737fa31cee2498dc85a371d291af8d11f883808acab4bcf96d6062eae15f1f75eb346ca5cfed4cf1dfbbcb89d5cb10ee0392c8f9
-
SSDEEP
12288:rzVtFFIkfyPV9VRrjCR5TJmkuSiD63cZ23:vbIkg9HUz/iD6sZI
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-