General
-
Target
_μ§μμ_221212(κ²½λ ₯μ¬νλ κ°μ΄ κΈ°μ¬νμμ΅λλ€ μ λΆνλλ €μ).exe
-
Size
394KB
-
Sample
221213-fbk13ade79
-
MD5
718c76f00949c2aa03647c8b16c89325
-
SHA1
a1ed33510d0f8b1f0f635e23c101524df4a29015
-
SHA256
e73f81cc13621d5616984fc7586b3f1c823a2b82c6d63d75fa02591f22f23058
-
SHA512
0e3c283bf5cb8ba8053d4c61fdbb6f669cc06d637f10bd013c0161192057f98d4cd60644ef35a663e54a468de4a28a6ca563cd43065f6e53cc519f2be3991fbd
-
SSDEEP
6144:gjJLlbUB2gIwnqTMYPMD7MddS//WK/Dtt9sqL0B3RbhkdSyertCtPd2yV:EhUChT3PMD4cWGLzL0BLkdgtCtg
Static task
static1
Behavioral task
behavioral1
Sample
_μ§μμ_221212(κ²½λ ₯μ¬νλ κ°μ΄ κΈ°μ¬νμμ΅λλ€ μ λΆνλλ €μ).exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
56.1
1672
https://t.me/dishasta
https://steamcommunity.com/profiles/76561199441933804
-
profile_id
1672
Targets
-
-
Target
_μ§μμ_221212(κ²½λ ₯μ¬νλ κ°μ΄ κΈ°μ¬νμμ΅λλ€ μ λΆνλλ €μ).exe
-
Size
394KB
-
MD5
718c76f00949c2aa03647c8b16c89325
-
SHA1
a1ed33510d0f8b1f0f635e23c101524df4a29015
-
SHA256
e73f81cc13621d5616984fc7586b3f1c823a2b82c6d63d75fa02591f22f23058
-
SHA512
0e3c283bf5cb8ba8053d4c61fdbb6f669cc06d637f10bd013c0161192057f98d4cd60644ef35a663e54a468de4a28a6ca563cd43065f6e53cc519f2be3991fbd
-
SSDEEP
6144:gjJLlbUB2gIwnqTMYPMD7MddS//WK/Dtt9sqL0B3RbhkdSyertCtPd2yV:EhUChT3PMD4cWGLzL0BLkdgtCtg
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-