General
Target: 7d124bc23be85d73b1177143f41b5e72.exe
Size: 1.4MB
Sample: 221209-ll2z8ach23
MD5: 7d124bc23be85d73b1177143f41b5e72
SHA1: 09633b90a0b993fd4dec6d522a1243433fc3ab10
SHA256: 04805512d670fb5f37bdf17bf00aae6976650f82c0b4bd342f3506d204f7aea2
SHA512: f4d318361bcccd7a3a77cdb243fa27e46abb6831cc315a4d8c4df9c37f30d11d2a0cd8a0ab9c8567f2c584dbcca1a9c336677216b8e31495c20061b287c29ebe
SSDEEP: 24576:jEiV++MCUfiiF5CYElcxGvvJq89F85NURwfCULmNQpBAXFVw/5xbpY0Y8vNcup:jEiV++MCxiF0tJ25NK2mapBA1uxYSlcG
Static task: static1
Behavioral task: behavioral1
  Sample: 7d124bc23be85d73b1177143f41b5e72.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 7d124bc23be85d73b1177143f41b5e72.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: vidar
  56.1
  1760
  https://t.me/vmt001
  profile_id: 1760
Extracted: amadey
  3.50
  85.209.135.109/jg94cVd30f/index.php
Extracted: systembc
  89.22.236.225:4193
  176.124.205.5:4193
Targets
Target: 7d124bc23be85d73b1177143f41b5e72.exe
Size: 1.4MB
MD5: 7d124bc23be85d73b1177143f41b5e72
SHA1: 09633b90a0b993fd4dec6d522a1243433fc3ab10
SHA256: 04805512d670fb5f37bdf17bf00aae6976650f82c0b4bd342f3506d204f7aea2
SHA512: f4d318361bcccd7a3a77cdb243fa27e46abb6831cc315a4d8c4df9c37f30d11d2a0cd8a0ab9c8567f2c584dbcca1a9c336677216b8e31495c20061b287c29ebe
SSDEEP: 24576:jEiV++MCUfiiF5CYElcxGvvJq89F85NURwfCULmNQpBAXFVw/5xbpY0Y8vNcup:jEiV++MCxiF0tJ25NK2mapBA1uxYSlcG
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger