General
- Target: d5987436ed6061c2b9cb0d5a4376d428194858e32b504e5fb4a47184d4220388
- Size: 296KB
- Sample: 230104-qhpb6sga37
- MD5: 5addb9a77d021d35311cf28a6d2fcfcb
- SHA1: 04ab9026c92f5e705342bc180fcc6e4428821f60
- SHA256: d5987436ed6061c2b9cb0d5a4376d428194858e32b504e5fb4a47184d4220388
- SHA512: f4e09e0cdde571dc6a775a43f771f9581929402804598fc8666d4c24f1c17c38a4962f552ab5a63300bf162b19893fdb3de5a19dc4f4044d39169d9cbb62f366
- SSDEEP: 6144:97pON8pLwfct+KUGCvGJlcWwoKwL4YnUoWtq:9RpgKNgWw5wcY
Behavioral task: behavioral1
- Sample: d5987436ed6061c2b9cb0d5a4376d428194858e32b504e5fb4a47184d4220388.exe
- Resource: win7-20221111-en
Malware Config
Extracted:
- vidar
- 1.8
- 24
- https://t.me/year2023start
- https://steamcommunity.com/profiles/76561199467421923
- profile_id: 24
Targets
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.