General
Target: d0f0577d7516a681492b8be0ee6f445dbd79242b41e14e03f5f5f60f1b9069c1.exe.vir
Size: 1.2MB
Sample: 221201-jjbzxabh2t
MD5: 4ed26de3325de24f119410a627a2a615
SHA1: 068a91b7e97131e5c021e70238b6643442349d42
SHA256: b2ee9004b67cf5e18cf5edbef8588bfac3e6e21486c1554945472a001a1be9bb
SHA512: 5dc751b8661dbeef5d7d008fb6367af35a246ee7b8d59a1cf501632cd0f87415daddd241f6bf59976b9797a6beabbc607d014da7f97292a37d67695409f552cd
SSDEEP: 24576:C4Gh8YtmFZFi4zrPWrXhR8QZQucP0Bebtoa35J0LbpY3K+ngD:C4Gyz8b8QZ4LGpYaE
Static task: static1
Behavioral task: behavioral1
Sample: d0f0577d7516a681492b8be0ee6f445dbd79242b41e14e03f5f5f60f1b9069c1.exe
Resource: win7-20220812-en
Malware Config
Extracted: vidar
56
1148
https://t.me/asifrazatg
https://steamcommunity.com/profiles/76561199439929669
profile_id: 1148
Targets
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext