General

Target: 740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c
Size: 407KB
Sample: 221229-t6g5jsgg4y
MD5: 3b6782cde711c6e73e09611c5041060e
SHA1: 412d9f6e64ebee4287eccff782f04943e5381d4f
SHA256: 740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c
SHA512: d7883a046d9b153094f9f3e5970b78a9084de8472d219a325006a7652cdf5427641a0c10beef4aceaa4ad9d92ea1a2ccf8104588e51760200e7e85be37524c4e
SSDEEP: 6144:ZLy8zb4fAgGKnhd7CA6TzHFdKFAf2iwLR2TP0dainGyIxZ1WqqdS09h:Z+d494r7TabQEORMPMRnGdYX
Static task: static1

Malware Config (extracted)

Family: vidar
Version: 1.7
Botnet / profile_id: 19
C2: https://t.me/robloxblackl
C2: https://steamcommunity.com/profiles/76561199458928097

Note: the two URLs are dead-drop resolvers rather than the C2 server itself. Vidar fetches the Telegram channel page and the Steam profile page and reads its current C2 address out of the channel or profile description, so blocking or alerting on these URLs catches the lookup, while the real C2 host can be rotated without rebuilding the sample. Treat the URLs as stable IOCs and the C2 host as volatile.
Targets

Target: 740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c (407KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)

Signatures

- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate software on the system.
- Suspicious use of SetThreadContext: this API is typically the third step of process hollowing (create a process suspended, write the payload into it, SetThreadContext to point the main thread at the payload, ResumeThread). Debuggers use it legitimately, so confirm against the process tree and the memory writes into the child rather than treating the signature as proof on its own.
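The flattened label/value layout of this report is easy to misread (the hash block appears twice, and the extracted config lists the botnet id with no label), so below is a small parser and hash checker for it. This is an added example, not part of the sandbox report or of any sandbox vendor's tooling: the section and label names it keys on are the ones that appear in the report above, the REPORT string is an excerpt copied from it, and the function names (`parse_report`, `validate`, `matches_report`) are my own.

```python
import hashlib
import re

# Excerpt copied from the flattened report above (label on one line, value on the
# next, "-" separators). The repeated Target hash under Targets is kept on purpose.
REPORT = """General
-
Target
740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c
-
MD5
3b6782cde711c6e73e09611c5041060e
-
SHA256
740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c
-
SHA512
d7883a046d9b153094f9f3e5970b78a9084de8472d219a325006a7652cdf5427641a0c10beef4aceaa4ad9d92ea1a2ccf8104588e51760200e7e85be37524c4e
Static task
static1
Malware Config
Extracted
vidar
1.7
19
https://t.me/robloxblackl
https://steamcommunity.com/profiles/76561199458928097
-
profile_id
19
Targets
-
Target
740912c948f5c370a23fa34da6fca7ffa1abc420edefcbe3c7a74170c9f47e8c
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
"""

SECTIONS = {"General", "Static task", "Malware Config", "Targets"}
LABELS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Flattened report -> dict with general/target hashes, extracted config, signatures."""
    out = {"general": {}, "target": {}, "config": {"c2": []}, "signatures": []}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    section, i = None, 0
    while i < len(lines):
        ln = lines[i]
        if ln in SECTIONS:
            section = ln
        elif section == "Static task":
            out["static_task"] = ln
        elif section in ("General", "Targets") and ln in LABELS:
            out["general" if section == "General" else "target"][ln] = lines[i + 1]
            i += 1
        elif section == "Targets":
            # Anything else under Targets is a signature; a trailing sentence describes it.
            if ln.endswith(".") and out["signatures"]:
                out["signatures"][-1]["description"] = ln
            else:
                out["signatures"].append({"name": ln, "description": ""})
        elif section == "Malware Config":
            if ln == "Extracted":  # fixed order: family, version, botnet id, then C2 URLs
                out["config"].update(family=lines[i + 1], version=lines[i + 2], botnet=lines[i + 3])
                i += 3
            elif ln.startswith("http"):
                out["config"]["c2"].append(ln)
            elif ln == "profile_id":
                out["config"]["profile_id"] = lines[i + 1]
                i += 1
        i += 1
    return out


def validate(report):
    """Problems in the hash fields: wrong length/charset, or General vs Targets mismatch."""
    problems = []
    for block in ("general", "target"):
        for name, n in HEX_LEN.items():
            v = report[block].get(name)
            if v is not None and not re.fullmatch(r"[0-9a-f]{%d}" % n, v):
                problems.append(f"{block}.{name}: not {n} lowercase hex chars")
    for name in list(HEX_LEN) + ["Target"]:
        g, t = report["general"].get(name), report["target"].get(name)
        if g and t and g != t:
            problems.append(f"{name}: General and Targets disagree")
    if report["general"].get("Target") != report["general"].get("SHA256"):
        problems.append("Target id is not the SHA256")
    return problems


def matches_report(data, report):
    """Names of the report's hashes that `data` reproduces; [] means it is not this sample."""
    computed = {n: getattr(hashlib, n.lower())(data).hexdigest() for n in HEX_LEN}
    return sorted(n for n, v in computed.items() if report["general"].get(n) == v)
```

Run `matches_report(open(path, "rb").read(), parse_report(REPORT))` against a file you believe is this sample: a full four-hash match confirms it, while an empty list on a file whose name or size matches tells you it is a different build and the report's signatures should not be assumed to apply. `validate` catches the usual copy errors in hand-transcribed IOCs (a truncated SHA512, uppercase hex, or a Targets block that was pasted from a different report).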