General
Target: 2a104160104581f7a5d5ace6cfbfc507.exe
Size: 292KB
Sample: 221127-jwjkhsbc94
MD5: 2a104160104581f7a5d5ace6cfbfc507
SHA1: 9cd8c773238b3ebde1010048df121003f225f7cd
SHA256: ca325db87d417d1b142fc76c5f8e6c093dab172458e89c456b7f4bb374c02d82
SHA512: 49fe4cc256b48ffbbca1c432683b8a224ec91e9280205f1d5136ae8a4ec64f9bf51d6e98be10f4b37c46bbce780648036b2b946ac201e4dc450ebf0ebc7ad5dd
SSDEEP: 6144:JIgiXvIFG8QZYl/JxcUoSSwu5To9jqnbKUn3fORcRhb8UihHl:JPFRHcUoSSwu5To9jvUnPORcRhb2
Behavioral task: behavioral1
Sample: 2a104160104581f7a5d5ace6cfbfc507.exe
Resource: win7-20220901-en

Malware Config
Extracted:
  vidar
  55.8
  1711
  https://t.me/headshotsonly
  https://steamcommunity.com/profiles/76561199436777531
  profile_id: 1711
Targets
Target: 2a104160104581f7a5d5ace6cfbfc507.exe
Size: 292KB
MD5: 2a104160104581f7a5d5ace6cfbfc507
SHA1: 9cd8c773238b3ebde1010048df121003f225f7cd
SHA256: ca325db87d417d1b142fc76c5f8e6c093dab172458e89c456b7f4bb374c02d82
SHA512: 49fe4cc256b48ffbbca1c432683b8a224ec91e9280205f1d5136ae8a4ec64f9bf51d6e98be10f4b37c46bbce780648036b2b946ac201e4dc450ebf0ebc7ad5dd
SSDEEP: 6144:JIgiXvIFG8QZYl/JxcUoSSwu5To9jqnbKUn3fORcRhb8UihHl:JPFRHcUoSSwu5To9jvUnPORcRhb2

Signatures:
  - Downloads MZ/PE file
  - Executes dropped EXE
  - Deletes itself
  - Loads dropped DLL
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Creates a large amount of network flows: this may indicate a network scan to discover remotely running services.