General

Target: malfile.zip
Size: 897KB
Sample: 221123-ngz16sgh28
MD5: b1052720fc5ab07858ff32344b0a1b2e
SHA1: 6a10554390ff354c4b20c7827dccb4b1fe05871c
SHA256: 4bb964855888aa340c675533ded2b0d524c0817378f05d47f627c6756aa017a2
SHA512: b3debd09d8582b3c3350735532d018a2ad10aee52308287daa45fc633c51120247a5e5f4ade26e62bf8fb94a02221ad60df5417bd14e7444a5eee8ead35e8de2
SSDEEP: 24576:uN9qggO3GtZHj9YeFzGXjxtYwkeNMbHJ5c/lemdyN:ROWtNqjjVgLc/lhE

Static task: static1
Behavioral task: behavioral1
Sample: npp.8.4.7.Installer.x64/npp.8.4.7.Installer.x64.exe
Resource: win7-20221111-en

Malware Config

Extracted: vidar
- 55.8
- 1340
- https://t.me/headshotsonly
- https://steamcommunity.com/profiles/76561199436777531
- profile_id: 1340

Targets

Target: npp.8.4.7.Installer.x64/npp.8.4.7.Installer.x64.exe
Size: 555.0MB
MD5: 4d556911a3a2c22dbd35f381ed7d9dbb
SHA1: 9439c5dc5dab13d38c279454d5a16e580599700a
SHA256: 7f9202f5ee95364f2df5bbc6563548667f314678f0561eb052524d5103ec4b00
SHA512: f8c275a1839ec498eeaaa8f59ad394ba860474bf4a3e7cc581713e6be4bf13c69acfef921a4b878bad1d49eee22f5cac89aeab3341fdb28349dee2508544f612
SSDEEP: 3072:DJ6pgZGjXpoGoByXPQs2UTXQ8yb7aFcqiSIvF68KJ9oEZqc:DJOgZGbpYByPT7lyvIcTSIvF68KIc

Signatures
- Executes dropped EXE
- Registers COM server for autorun
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext