General
-
Target
file.exe
-
Size
401KB
-
Sample
230107-ha681sgc91
-
MD5
b1ceedf8f36682c4b2dd7dfe67712df7
-
SHA1
5349ddeb137abe91d921d112544dae7c195eff1c
-
SHA256
09ac5364fbafca4c7c9ad6f04fed82c2bedf9550e7690c8bbdacb8705a6921c9
-
SHA512
25f488830fa3ac1fa14525bac38fc532e3b9f3074c5f6e77a633e0f4d104308a38a310e6464aa56b73bad12e3304fc870dec6ff901bc317f456e1fb1c6ddd714
-
SSDEEP
6144:UpLy9EDo/qfTdNu7LjtBt3/a8uSVkKLyo/7QeEEZ45b6LYni6Wb:Upu9E/doPDlnuSV/ycEvEabi
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
vidar
1.8
24
https://t.me/year2023start
https://steamcommunity.com/profiles/76561199467421923
-
profile_id
24
Targets
-
-
Target
file.exe
-
Size
401KB
-
MD5
b1ceedf8f36682c4b2dd7dfe67712df7
-
SHA1
5349ddeb137abe91d921d112544dae7c195eff1c
-
SHA256
09ac5364fbafca4c7c9ad6f04fed82c2bedf9550e7690c8bbdacb8705a6921c9
-
SHA512
25f488830fa3ac1fa14525bac38fc532e3b9f3074c5f6e77a633e0f4d104308a38a310e6464aa56b73bad12e3304fc870dec6ff901bc317f456e1fb1c6ddd714
-
SSDEEP
6144:UpLy9EDo/qfTdNu7LjtBt3/a8uSVkKLyo/7QeEEZ45b6LYni6Wb:Upu9E/doPDlnuSV/ycEvEabi
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-