General
Target: 9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907.zip
Size: 4.7MB
Sample: 221124-hqx1aafd93
MD5: 56e20bc34fee9c02a8c81b6d7ff10e58
SHA1: a17c030deb340d49aea9566035c1583206fd887d
SHA256: 4cf31f80b104e9507586c9cfd87f01feb69885c7d63867ff0bcd6393fb235b85
SHA512: 2278776b83fc6feb3c067810ebbe8d7e5bcb50566e2707f3736685b8583421cbb82da94e715b5b19aa9738478b1aadeb86ee3fb88e9221694cc730e60b07774c
SSDEEP: 98304:uuelwa+05Wcgdggq0T8meILJkXOV3oqm7HrF2IwokgJK:uXDDgddt/3o5FrE
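Before touching a downloaded sample, confirm it is the file the report describes. The script below is an added example and not part of the sandbox report: it copies the MD5/SHA1/SHA256/SHA512 values listed on this page for the zip archive and for the extracted executable, hashes a file in one streaming pass (the extracted executable is 401.8MB, so reading it into memory once per algorithm is wasteful) and reports which digests disagree. The file path is an assumption; SSDEEP is not checked because it needs a third-party module.

```python
"""Verify a downloaded sample against the digests published in the report.

Added example, not part of the sandbox report. EXPECTED_ZIP and EXPECTED_EXE
copy the MD5/SHA1/SHA256/SHA512 values listed on the page; the file path used
in __main__ is an assumption.
"""
import hashlib
import io

EXPECTED_ZIP = {
    "md5": "56e20bc34fee9c02a8c81b6d7ff10e58",
    "sha1": "a17c030deb340d49aea9566035c1583206fd887d",
    "sha256": "4cf31f80b104e9507586c9cfd87f01feb69885c7d63867ff0bcd6393fb235b85",
    "sha512": "2278776b83fc6feb3c067810ebbe8d7e5bcb50566e2707f3736685b8583421cbb"
              "82da94e715b5b19aa9738478b1aadeb86ee3fb88e9221694cc730e60b07774c",
}
EXPECTED_EXE = {
    "md5": "ff46ba54163c4e07c072612cd5c2ac8f",
    "sha1": "4e5aa4c7ac64aa29dfc3ecad796c9698aefdd601",
    "sha256": "9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907",
    "sha512": "a909c91ba27b614526ed9e8ceb8b6416750f6d784e893314b879d631b946ebc5"
              "134cc62218432329a159fac08b3143f98a3ac77c957bc3bb31b76fdf0017f78f",
}


def digest_stream(fobj, algorithms=("md5", "sha1", "sha256", "sha512"), chunk=1 << 20):
    """Read the file once and feed every chunk to all requested hashers."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: fobj.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(fobj, expected):
    """Return the sorted names of algorithms whose digest does not match `expected`."""
    actual = digest_stream(fobj, tuple(expected))
    return sorted(name for name, want in expected.items() if actual[name] != want.lower())


def verify_bytes(data, expected):
    """Convenience wrapper for in-memory data (used for small self-tests)."""
    return verify(io.BytesIO(data), expected)


if __name__ == "__main__":
    import sys
    # Assumption: the archive was saved under the name shown in the report.
    path = sys.argv[1] if len(sys.argv) > 1 else (
        "9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907.zip")
    with open(path, "rb") as f:
        bad = verify(f, EXPECTED_ZIP)
    print("OK" if not bad else "MISMATCH: " + ", ".join(bad))
```

Run it against the extracted executable with EXPECTED_EXE in place of EXPECTED_ZIP. A single mismatching digest is enough to stop: either the download is corrupt or it is a different file than the one the report was generated from.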
Static task
static1

Behavioral task
behavioral1
Sample: 9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907.exe
Resource: win7-20221111-en

Behavioral task
behavioral2
Sample: 9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: vidar
Version: 55.8
Botnet: 1364
C2: https://t.me/headshotsonly
C2: https://steamcommunity.com/profiles/76561199436777531
profile_id: 1364
Targets
Target: 9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907
Size: 401.8MB
MD5: ff46ba54163c4e07c072612cd5c2ac8f
SHA1: 4e5aa4c7ac64aa29dfc3ecad796c9698aefdd601
SHA256: 9e823478f8b4cc0fea25c68e63e9ae85f2274a419dc6c82bea84ee152f0af907
SHA512: a909c91ba27b614526ed9e8ceb8b6416750f6d784e893314b879d631b946ebc5134cc62218432329a159fac08b3143f98a3ac77c957bc3bb31b76fdf0017f78f
SSDEEP: 98304:ylKF/xupJR/EgwFC8qJ6iUkJZ+7aXD6Wl2cPP0hiK:ylCoJgFCXp5D/PPP6iK
Note the size: the 401.8MB executable compresses to the 4.7MB archive listed above, so most of the file is highly compressible filler. Allow for this when setting upload limits for scanners or other sandboxes.
- Loads dropped DLL
- Unexpected DNS network traffic destination: traffic on the DNS port (53) to servers other than the configured DNS servers was detected.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system.
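The "Unexpected DNS network traffic destination" signature is easy to reproduce outside the sandbox, and it is a useful hunting check on flow data from any host. The script below is an added example, not code from the sandbox or the report: it parses constructed flow records, keeps only those whose destination port is 53, and flags the ones whose destination is not one of the configured resolvers. The record format, the resolver address 10.0.0.2 and the sample flows (RFC 5737/3849 documentation addresses) are all assumptions made for the example.

```python
"""Replicate the "Unexpected DNS network traffic destination" check over flow records.

Added example, not part of the sandbox report. The record format, the resolver
address and SAMPLE_FLOWS are constructed for this example.
"""
import ipaddress
from dataclasses import dataclass

# Assumption: the analysis VM's only configured resolver.
CONFIGURED_RESOLVERS = {"10.0.0.2"}

# Constructed flow records: "<proto> <src>:<sport> -> <dst>:<dport>".
# Documentation addresses (198.51.100.0/24, 203.0.113.0/24, 2001:db8::/32)
# stand in for real destinations.
SAMPLE_FLOWS = """\
udp 192.168.56.101:51234 -> 10.0.0.2:53
udp 192.168.56.101:51235 -> 10.0.0.2:53
udp 192.168.56.101:51236 -> 198.51.100.7:53
tcp 192.168.56.101:51237 -> 198.51.100.7:53
tcp 192.168.56.101:51238 -> 203.0.113.20:443
udp 192.168.56.101:51239 -> [2001:db8::53]:53
udp 192.168.56.101:51240 -> 203.0.113.20:5353
""".splitlines()


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


def _endpoint(text):
    """Split "host:port" (IPv6 written as "[addr]:port") into a normalised address and port."""
    host, sep, port = text.rpartition(":")
    if not sep:
        raise ValueError(f"endpoint without port: {text!r}")
    return str(ipaddress.ip_address(host.strip("[]"))), int(port)


def parse_flow(line):
    proto, src, arrow, dst = line.split()
    if arrow != "->":
        raise ValueError(f"malformed flow record: {line!r}")
    src_ip, _ = _endpoint(src)
    dst_ip, dport = _endpoint(dst)
    return Flow(proto.lower(), src_ip, dst_ip, dport)


def unexpected_dns(lines, resolvers=CONFIGURED_RESOLVERS, dns_port=53):
    """Return flows on the DNS port whose destination is not a configured resolver.

    Both UDP and TCP count: the signature is about the port, not the transport.
    Traffic on other ports (mDNS on 5353, HTTPS on 443) is ignored even when it
    goes to an unknown host; that is a different check.
    """
    allowed = {ipaddress.ip_address(r) for r in resolvers}
    hits = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        flow = parse_flow(line)
        if flow.dport == dns_port and ipaddress.ip_address(flow.dst) not in allowed:
            hits.append(flow)
    return hits


def unexpected_dns_destinations(lines, resolvers=CONFIGURED_RESOLVERS):
    """Distinct offending destinations in first-seen order, the values to pivot on."""
    seen = []
    for flow in unexpected_dns(lines, resolvers):
        if flow.dst not in seen:
            seen.append(flow.dst)
    return seen


if __name__ == "__main__":
    for flow in unexpected_dns(SAMPLE_FLOWS):
        print(f"{flow.proto} {flow.src} -> {flow.dst}:{flow.dport}")
```

On a real network substitute the DHCP-issued resolvers for CONFIGURED_RESOLVERS and expect some noise from hosts with hard-coded public DNS servers. The check says nothing about DNS over HTTPS or TLS, which never touch port 53, and it does not decode the payload, so a non-DNS protocol on port 53 is flagged just the same, which for a malware sample is exactly what you want.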