General
- Target: MDE_File_Sample_4769a84f87a7229e8acd968d085468a00c7b4f9a.zip
- Size: 4.3MB
- Sample: 221214-hwnnsshd29
- MD5: aa83ead6d4e29dc4f3a63f58d6994bde
- SHA1: 8a0de39f5fd7a4a6cb6874a3057724f9a233986c
- SHA256: 546e8255f0e22232db99e894e6044bed4ca05d14d601193e5e8c91e144011455
- SHA512: 96c7efc1a011f046ede82f9c285ced2aedee83a2edefa21bb8fe8845827af55ae4b820d17f7123c8cc672ff39c37f64148513e0e8f9a07a71a67117600fd8e87
- SSDEEP: 98304:6ivsXqJ3CsDrAwo4Z0ru/PSaQ/R/EEP54s5teWL:6RXqJvfm4b/KvRBxpDPL

Static task: static1

Behavioral task: behavioral1
- Sample: Quick Indicator Tester.exe
- Resource: win7-20221111-en

Malware Config
Extracted
- Family: vidar
- Version: 55.8
- Botnet: 1142
- C2: https://t.me/headshotsonly
- C2: https://steamcommunity.com/profiles/76561199436777531
- Attributes: profile_id = 1142

Targets
- Target: Quick Indicator Tester.exe
- Size: 401.8MB
- MD5: 718f7e0ce95a05dc5e2e834a13348e40
- SHA1: e6ca520f582875c23ec4f802ab78e8e236487e2b
- SHA256: 0360cdb4d1428dd656e950f025eed14d1a43a16903bcc9e7c6b2e7ff0eb42dc1
- SHA512: 2fac5e35e4c27f01f103ebb0e4dcaf97754dbc772656c775632a4c0943dd6b6020650e3105f90d316472b83a6ca676189d1e165f19b80ff3be0c6f6191470554
- SSDEEP: 98304:NM+CBziMUphx2p90SqEmLdRI+/HJNIIRjUr3kLDEMITa+:KziMGhx2f0Sqw+/Lm6EDTr

- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.