General
Target: 7a087c1bcd038c61ddb0f634f9b21e6db9bed59842f19adeda48b49acb20e16f
Size: 217KB
Sample: 221202-y1c1vsaf25
MD5: 583593cfbf27ed14d04e133833e897b2
SHA1: af7fd15d27bef67f89b6aee2348d636932bcd027
SHA256: 63d17503bd4ae9dc9b7e834d6eefda8ec214746e73945b333af447ddab0b2bab
SHA512: a7678702d44eb7da977bb00e73501e321ce364ff91152826b5df66a71deac4f7a3d45cc47700b15ef317b5f2db38b878cceac88039bfc8b1fd7ca93df2489fbf
SSDEEP: 6144:lhqJKdm6pftFrsb8XODU40LTwzLs0+CKnY1PVRT:3/7pfthcwIU40LTwz5rfRT
Static task: static1
Behavioral task: behavioral1
Sample: 7a087c1bcd038c61ddb0f634f9b21e6db9bed59842f19adeda48b49acb20e16f.exe
Resource: win7-20220901-en
Malware Config
Extracted: vidar
56
517
https://t.me/asifrazatg
https://steamcommunity.com/profiles/76561199439929669
profile_id: 517
Targets
Target: 7a087c1bcd038c61ddb0f634f9b21e6db9bed59842f19adeda48b49acb20e16f
Size: 258KB
MD5: b9212ded69fae1fa1fb5d6db46a9fb76
SHA1: 58face4245646b1cd379ee49f03a701eab1642be
SHA256: 7a087c1bcd038c61ddb0f634f9b21e6db9bed59842f19adeda48b49acb20e16f
SHA512: 09cab8ccedb9e53d6d2725e8b9dbbe8fa9552607a58d89876b6539a6612b2e7ac0440ef281971bec9191510915fa6264048510add493e6a862b0d3b4f006e342
SSDEEP: 6144:YdAhH6pftFbsb8XODU4aLTwzLs0+mKnBtt:VUpftVcwIU4aLTwz5tItt
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext