General
Target: 787cd448a7ff9e11c343b70edaff28efb05b0d97d6311bf599a9eda2eb2d65be
Size: 554KB
Sample: 221202-snretshh79
MD5: 195df35a367c83f331b4928fc3bb4d84
SHA1: e6ae230793c8f60ac2eafa3e4e754861766aba5b
SHA256: 787cd448a7ff9e11c343b70edaff28efb05b0d97d6311bf599a9eda2eb2d65be
SHA512: 253c8f2bfd8522ea827cd927c75a29b0bb5472b261e2f06f589cbc68105067c06f5774b66adcc0b6cb7ad84d044d9f356685d204d3ba3c740be3f307d2619d7b
SSDEEP: 12288:ATT7mskHDxoZDanzicg3gpQhjZ6Ecgl4ZDx9y6JKw7T9+TzhoUlR:AQHDxOKzg3gihjMgIyhw7Ejr

Static task
static1

Malware Config
Extracted
vidar
56
1881
https://t.me/asifrazatg
https://steamcommunity.com/profiles/76561199439929669
profile_id: 1881

Targets
Target: 787cd448a7ff9e11c343b70edaff28efb05b0d97d6311bf599a9eda2eb2d65be
Size: 554KB
MD5: 195df35a367c83f331b4928fc3bb4d84
SHA1: e6ae230793c8f60ac2eafa3e4e754861766aba5b
SHA256: 787cd448a7ff9e11c343b70edaff28efb05b0d97d6311bf599a9eda2eb2d65be
SHA512: 253c8f2bfd8522ea827cd927c75a29b0bb5472b261e2f06f589cbc68105067c06f5774b66adcc0b6cb7ad84d044d9f356685d204d3ba3c740be3f307d2619d7b
SSDEEP: 12288:ATT7mskHDxoZDanzicg3gpQhjZ6Ecgl4ZDx9y6JKw7T9+TzhoUlR:AQHDxOKzg3gihjMgIyhw7Ejr

Signatures
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext