General
- Target: file.exe
- Size: 406KB
- Sample: 230106-gcagdsed26
- MD5: ffeb3e7f7e1679b7b91047c185d19e32
- SHA1: 9f0bf7f8c0c90424a00e2bdea3df797409c15930
- SHA256: 922260358cff0b48e0098db3eb36065cfae990c0bddb75b21e2fa8ed9c1edb3e
- SHA512: c62a0788fcc63770c0c89e97665723ed7561c5bdaf30d3d0fed54eda3485435ab43c1121b07e2e44fa79f3201f2a0caca5db9f6fecb3a8b3e6b1671b2bdac5ef
- SSDEEP: 6144:mSLOoKjpEpCOnZPgBKx1HdwnL2a35mphL3Oq9dWKQyuo:mSSoKjpEJ3CL2a32hBbRuo
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: vidar
- Version: 1.8
- Botnet: 24
- C2: https://t.me/year2023start
- C2: https://steamcommunity.com/profiles/76561199467421923
- profile_id: 24
Targets
- Target: file.exe
Signatures
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.