General
- Target: 2d3619f533adf751bce2326606b48923f5082c84f127914c88528a9109d2a7fa
- Size: 2.8MB
- Sample: 221206-t8pbmsee59
- MD5: 0fd3c8d453f4ced35d4fa84cf66ae24d
- SHA1: a43c32a6cb243f75ea5e25c1c317b4a871a01ca2
- SHA256: 2d3619f533adf751bce2326606b48923f5082c84f127914c88528a9109d2a7fa
- SHA512: ab5005e73b10b4e8339d8abac34a68946b2bca0b671142714c1b7257b9d1278e0b8b856d9f1fce2715fa109689e5dbd9ae15e10b3b5851f95cc5dd0e32bfd83c
- SSDEEP: 49152:NSrBlNy3p51NtZGJAmXSQzxKM9u7Vc6YvZmkj9LTrXysL:NSrBlNy3DtZGJAmXSQzxK6uBc6YvZmk5

Static task
- static1

Malware Config
Extracted
- Family: vidar
- Version: 56.1
- Botnet: 1148
- C2: https://t.me/dishasta
- C2: https://steamcommunity.com/profiles/76561199441933804
- profile_id: 1148
Targets
- Target: 2d3619f533adf751bce2326606b48923f5082c84f127914c88528a9109d2a7fa
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext