General
-
Target
file.exe
-
Size
3.9MB
-
Sample
221130-l58bcaah22
-
MD5
9c3c87d5e02936d71413e832f7c0dbe9
-
SHA1
d3a691cc3af3260f8e72e032f14d62c5b70e2bc8
-
SHA256
317bcd852a5793fdbb1667d9ddbab72ae0c6eb28c6f1873cdb2bfa439ec5cf12
-
SHA512
8dd56f4ee9ed203caa9f0dd237b720e8eca65b1cf1a841e0291281cdc6f36ae212d7cb120466922b547806d28098a0ceb350a42d5e22f2333dcaed61f07836d8
-
SSDEEP
98304:79UDnKDOkISzfzatyyZnLlgv5LaZuZxgw/xnKo:UnKD/B2yC5M5Lai7/xl
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
56
1679
https://t.me/asifrazatg
https://steamcommunity.com/profiles/76561199439929669
-
profile_id
1679
Targets
-
-
Target
file.exe
-
Size
3.9MB
-
MD5
9c3c87d5e02936d71413e832f7c0dbe9
-
SHA1
d3a691cc3af3260f8e72e032f14d62c5b70e2bc8
-
SHA256
317bcd852a5793fdbb1667d9ddbab72ae0c6eb28c6f1873cdb2bfa439ec5cf12
-
SHA512
8dd56f4ee9ed203caa9f0dd237b720e8eca65b1cf1a841e0291281cdc6f36ae212d7cb120466922b547806d28098a0ceb350a42d5e22f2333dcaed61f07836d8
-
SSDEEP
98304:79UDnKDOkISzfzatyyZnLlgv5LaZuZxgw/xnKo:UnKD/B2yC5M5Lai7/xl
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-