General
Target: SecuriteInfo.com.Win32.PWSX-gen.24423.19936.exe
Size: 389KB
Sample: 221130-2etm9sed3t
MD5: dc25367580940e04fdbf1b41a4668dd6
SHA1: 62e8ef3cfa7eb33d59e46cfe2ee1cba3600cf4a9
SHA256: 71f865d049fb8a9d07c0e65fcfa174e200dc5fd1e9de3af19f5d77f8a2014305
SHA512: 612f0ac06684a2662f67a68fda021287b397ebaa76c9f781d4fad14bf6e94daf12d1978e1f14c13369e3987f094382f52af90f4d6979fa9c535d2dac64db5075
SSDEEP: 6144:y0bIsnW+IgPCq6z0RBwhlKmutkJ5RytVuq/i/o7jSIUeH0Jf7fBBr:yDsW+IgPCXvvKmuqfy7ogStM0JfjH
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.PWSX-gen.24423.19936.exe
  Resource: win7-20221111-en
Malware Config
Extracted
  Family: vidar
  Version: 55.9
  909
  https://t.me/headshotsonly
  https://steamcommunity.com/profiles/76561199436777531
  profile_id: 909
Targets
Target: SecuriteInfo.com.Win32.PWSX-gen.24423.19936.exe
Size: 389KB
MD5: dc25367580940e04fdbf1b41a4668dd6
SHA1: 62e8ef3cfa7eb33d59e46cfe2ee1cba3600cf4a9
SHA256: 71f865d049fb8a9d07c0e65fcfa174e200dc5fd1e9de3af19f5d77f8a2014305
SHA512: 612f0ac06684a2662f67a68fda021287b397ebaa76c9f781d4fad14bf6e94daf12d1978e1f14c13369e3987f094382f52af90f4d6979fa9c535d2dac64db5075
SSDEEP: 6144:y0bIsnW+IgPCq6z0RBwhlKmutkJ5RytVuq/i/o7jSIUeH0Jf7fBBr:yDsW+IgPCXvvKmuqfy7ogStM0JfjH

Signatures
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext