General
- Target: 48bc23c628e7dbec916fbe213d1c19336ebab4f868d083b9f0b60e9a4ed8e135.zip
- Size: 4.8MB
- Sample: 221124-hqx1aaad4t
- MD5: 38a3d5c6dea850900917b1d1fb4eafd9
- SHA1: 8ca7b03463d5e5d94ab55296649a9195eb403984
- SHA256: bada7daeb7ad94d96b5d6ee9c7af6109049fe8533bfb693f9f6bf89e9a15ac13
- SHA512: 6fdbbe0034b523b31d73a95039907f07479e8073ae01b3236565eaaa71b52d34d5a0b43ce17509bb2c2361a477a761b40934889276933afdc1742b8ebad9fa1d
- SSDEEP: 98304:JxZZxVyMG0xHKHeCD4Ajty4jdjbfa8dCFwoE71JuBo6qQz:JxfpGrx4ARy4jdTQFzERJuuGz

Static task: static1

Behavioral task: behavioral1
- Sample: 48bc23c628e7dbec916fbe213d1c19336ebab4f868d083b9f0b60e9a4ed8e135.exe
- Resource: win7-20220812-en

Malware Config
Extracted
- vidar
- 55.8
- 1364
- https://t.me/headshotsonly
- https://steamcommunity.com/profiles/76561199436777531
- profile_id: 1364

Targets
Target: 48bc23c628e7dbec916fbe213d1c19336ebab4f868d083b9f0b60e9a4ed8e135
- Size: 401.8MB
- MD5: 5d6327408e44adf535cc87c1c5c6d798
- SHA1: c10d3e5f24fdb7606cec6f3c4c1592357f5c3e94
- SHA256: 48bc23c628e7dbec916fbe213d1c19336ebab4f868d083b9f0b60e9a4ed8e135
- SHA512: 7b4f87b3077bb25b75374ab1947365afe9d188b26ccd90a856bd8be2f2a66c917b19c42d60a87c0609157705887732a36d8ed2eff12645a4b6e88859b36d8b06
- SSDEEP: 98304:sJtlRjoW9bzlVnQ3NHJFiU92BY8Lk3fAcpiZ8Kk:epNpVnQ3xrcBY2cMZhk

- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.