General
- Target: Setup.exe
- Size: 2.4MB
- Sample: 221127-1eyfsaag34
- MD5: 1ddbec666cfa8990c3e7fe613ad86ec9
- SHA1: f74fb7085fd84ae7ac066eada6d7ec4d808b7a64
- SHA256: 7ed9633788cead12534277ded82dafa5f16a80b44ec849dd8495f62c874dd5ae
- SHA512: ac48deb5e5a819a24738ffbce9fff571ec4ed01c6b01262d90a7a0f732acc7fe51df8d247c6ca54c8c66e16fc28bcbd7d48ab402a5dd37fb29b0acfc8419ee3c
- SSDEEP: 24576:248cD30gdMnJImA0km0HIArQajeT0w+5gmbatBZCI:FIgdMnJImByrQ8eow+5gmYA
Static task: static1
Behavioral task: behavioral1
- Sample: Setup.exe
- Resource: win7-20220901-en
Malware Config
Extracted
- Family: vidar
- 55.9
- 1325
- https://t.me/headshotsonly
- https://steamcommunity.com/profiles/76561199436777531
- profile_id: 1325
Targets
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext