General
- Target: file.exe
- Size: 4.0MB
- Sample: 221127-q3h1wsbh74
- MD5: c2256c4496c8ced6ee045dcfb71544fe
- SHA1: 0bf68bd2282304dfeee529b02f73d7ba105c9d65
- SHA256: 3b66abe3a8f155402ec2d039a4f469aa7c515379cfbc214a8b89406c16415a17
- SHA512: 35ce5418609821519946bbe4f6a6b9ff7eeb7ec8e951e33b33aa169bf3f80fca062bc6e6e50eb9be1e12c4969114b5fc99599cdefaf2262a93fd912d9bde0994
- SSDEEP: 98304:cIRJlTNWsvLKHG9lz2QY5Bt4G5w0g4zJVEr1jef8:conTNWseMRdDGa+y
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en

Malware Config
Extracted
- Family: vidar
- Version: 55.9
- Botnet / profile_id: 1679
- C2:
  https://t.me/headshotsonly
  https://steamcommunity.com/profiles/76561199436777531
Targets
- Target: file.exe
- Size: 4.0MB
- MD5: c2256c4496c8ced6ee045dcfb71544fe
- SHA1: 0bf68bd2282304dfeee529b02f73d7ba105c9d65
- SHA256: 3b66abe3a8f155402ec2d039a4f469aa7c515379cfbc214a8b89406c16415a17
- SHA512: 35ce5418609821519946bbe4f6a6b9ff7eeb7ec8e951e33b33aa169bf3f80fca062bc6e6e50eb9be1e12c4969114b5fc99599cdefaf2262a93fd912d9bde0994
- SSDEEP: 98304:cIRJlTNWsvLKHG9lz2QY5Bt4G5w0g4zJVEr1jef8:conTNWseMRdDGa+y

Signatures
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.