General
- Target: 48bc23c628e7dbec916fbe213d1c19336ebab4f868d08.exe
- Size: 4.0MB
- Sample: 221124-hs8jssff48
- MD5: 53d2acf9be6296d3aceb4ae9ac788f8c
- SHA1: da60d78c18ccea5e394758c1ab226912b4240aad
- SHA256: e6a6768113ac95564ad2d20108435e8dd65bfe3fc741249039835076d4aba350
- SHA512: 1494af01a22ed6615939052dabad7572d4ee69813dbf7894c0105db63c2cf00806ffb246cdc21eedf1ffbe36ace4d0f74a32b1d0d9c03b4612c8e9438a0edbe7
- SSDEEP: 98304:sJtlRjoW9bzlVnQ3NHJFiU92BY8Lk3fAcpiZ8K:epNpVnQ3xrcBY2cMZh
Static task
- static1
Behavioral task
- behavioral1
- Sample: 48bc23c628e7dbec916fbe213d1c19336ebab4f868d08.exe
- Resource: win7-20220901-en
Malware Config
Extracted
vidar
55.8
1364
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
- profile_id: 1364
Targets
- Target: 48bc23c628e7dbec916fbe213d1c19336ebab4f868d08.exe
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.