General
Target: Setup.exe
Size: 870KB
Sample: 221128-hwxxgaab6x
MD5: e2d9b6d75e486079765a8c73aa82e52e
SHA1: 3ef57a6cdc8350240b27e1c832f0292a4a24e823
SHA256: 2c993eb220436695d78783d2a6520951e4ce2b65311a96b904a063abdc088235
SHA512: 108164ff8d24e44e4bc5160c876ff64a07f069b1f2be4ff40251f0221bc5f35c7d598292e9770a931204b66bc87fefc87b2a78bfaaebe03f65ba82350a96e3d2
SSDEEP: 24576:248cD30gdMnJImA0km0HIArQajeT0w+5gmbatBZCI:FIgdMnJImByrQ8eow+5gmYA
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20221111-en
Malware Config
Extracted
vidar
55.9
1325
https://t.me/headshotsonly
https://steamcommunity.com/profiles/76561199436777531
profile_id: 1325
Targets
Target: Setup.exe
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext