General
- Target: 7a087c1bcd038c61ddb0f634f9b21e6db9bed59842f19.exe
- Size: 258KB
- Sample: 221129-w8xdcsec73
- MD5: b9212ded69fae1fa1fb5d6db46a9fb76
- SHA1: 58face4245646b1cd379ee49f03a701eab1642be
- SHA256: 7a087c1bcd038c61ddb0f634f9b21e6db9bed59842f19adeda48b49acb20e16f
- SHA512: 09cab8ccedb9e53d6d2725e8b9dbbe8fa9552607a58d89876b6539a6612b2e7ac0440ef281971bec9191510915fa6264048510add493e6a862b0d3b4f006e342
- SSDEEP: 6144:YdAhH6pftFbsb8XODU4aLTwzLs0+mKnBtt:VUpftVcwIU4aLTwz5tItt
Static task: static1
Behavioral task: behavioral1
- Sample: 7a087c1bcd038c61ddb0f634f9b21e6db9bed59842f19.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: vidar
- Version: 56
- Botnet: 517
- C2: https://t.me/asifrazatg
- C2: https://steamcommunity.com/profiles/76561199439929669
- Attributes: profile_id = 517

Note: the two C2 entries are dead-drop resolvers, not the stealer's back-end. Vidar fetches a public Telegram channel page or Steam profile page and parses the real C2 address out of it, so the address can be rotated without rebuilding the sample. Both domains are legitimate and heavily used; block or alert on the full URL path, not on t.me or steamcommunity.com as a whole.
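The extracted config above is only useful if it can be turned into something a detection pipeline can match. The following is an added example, not part of the sandbox report: it converts the report's config values into (host, path) indicators and runs them over a few constructed proxy log lines. The log format, client addresses and timestamps are made up for the example; only the family, version, profile_id and C2 URLs come from the report.

```python
"""Added example: turn the Vidar config from the report into IOCs and
match them against web-proxy log lines.

Assumptions (not from the report): the log format below is a constructed
'timestamp client method url status' layout, and the field names in
VIDAR_CONFIG simply mirror the report's labels.
"""
import re
from urllib.parse import urlparse

# Values copied from the report's "Malware Config" section.
VIDAR_CONFIG = {
    "family": "vidar",
    "version": "56",
    "profile_id": "517",
    "c2": [
        "https://t.me/asifrazatg",
        "https://steamcommunity.com/profiles/76561199439929669",
    ],
}


def c2_indicators(config):
    """Return (host, path) pairs for each dead-drop URL.

    The hosts are legitimate services, so the host alone is not an
    indicator; the full path identifies the attacker-controlled page.
    """
    out = []
    for url in config["c2"]:
        u = urlparse(url)
        out.append((u.netloc.lower(), u.path.rstrip("/")))
    return out


# Constructed proxy log lines (not real traffic): ts client method url status
SAMPLE_LOG = """\
1669740001 10.0.0.5 GET https://t.me/asifrazatg 200
1669740002 10.0.0.7 GET https://steamcommunity.com/ 200
1669740003 10.0.0.5 GET https://steamcommunity.com/profiles/76561199439929669 200
1669740004 10.0.0.9 GET https://t.me/somechannel 200
"""

LOG_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def match_log(log_text, config):
    """Return one hit dict per log line whose URL matches a C2 indicator.

    Matching is on normalised (host, path), so a visit to the service's
    front page or to an unrelated channel/profile does not fire.
    """
    indicators = set(c2_indicators(config))
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts, client, _method, url, _status = m.groups()
        u = urlparse(url)
        key = (u.netloc.lower(), u.path.rstrip("/"))
        if key in indicators:
            hits.append({
                "ts": int(ts),
                "client": client,
                "url": url,
                "family": config["family"],
                "version": config["version"],
                "profile_id": config["profile_id"],
            })
    return hits


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG, VIDAR_CONFIG):
        print(hit)
```

Only the two requests from 10.0.0.5 match; the front-page visit to steamcommunity.com and the unrelated t.me channel do not, which is the point of keying on host plus path rather than on domain.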
Targets
- Target: 7a087c1bcd038c61ddb0f634f9b21e6db9bed59842f19.exe
- Size: 258KB
- Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above.
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (stealers commonly exit without running when the locale is in a region the operator avoids).
- Loads dropped DLL: a DLL written to disk during execution is loaded into the process.
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext: typically seen in process hollowing or thread hijacking, where the malware rewrites the register context of a suspended thread to redirect execution to injected code.