General
Target: file.exe
Size: 4.1MB
Sample: 221123-qhsplaea82
MD5: c9c2019117e77fe3d26ba4c47595bbb9
SHA1: 121deb4e364fc43b29d9025b3d7bb4a28eea9982
SHA256: 44bd9084d0e09c6700364fe22001809a5ad5c160bce5a626c468ea1758a09c15
SHA512: 33b9d4f17598bdb5b35795d0fb96b4b31e0d74d79741e14f04fb16e64bfa95577a86c792c3a937f48bc419300b1f0dbffb3f6426192231673e658456574f856b
SSDEEP: 98304:Gnc0giTB0H14mCsd8duADtV5aVD8iPQlBjCS/iRKy6BM:G4iTB09Cs6Jt+VdQWnREBM
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
Malware Config
Extracted: vidar
55.8
1679
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
profile_id: 1679
Targets
- Target: file.exe (4.1MB; same hashes as listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.