General
Target: 11760869d023db67e292f9efc9b02dc0f3f08624c5ec409290f4357d300f5bfa
Size: 422KB
Sample: 230111-gndyysed3y
MD5: 36fe75457be5610c8cb50a61a5f062f7
SHA1: b1e722d526bc2a71b1496a1b23dc4b0ab9afe021
SHA256: 11760869d023db67e292f9efc9b02dc0f3f08624c5ec409290f4357d300f5bfa
SHA512: a98b7e187504e9e6aadbf825283424023567a15da5cd6a56d766ac66783c3560c53bb5433cc0eec16d0508642280a16117095861a722285104562c78108c3fd3
SSDEEP: 12288:VmqeOUMGNPi2gjdSXHfSyM7TBwOCM7p7hVG:VmqeOU5fOdG/SyM7n
Static task: static1

Malware Config
Extracted
Family: vidar
Version: 1.9
Botnet: 24
C2:
- https://t.me/travelticketshop
- https://steamcommunity.com/profiles/76561199469016299
profile_id: 24
Targets
Target: 11760869d023db67e292f9efc9b02dc0f3f08624c5ec409290f4357d300f5bfa (422KB; the same file as in General above, MD5 36fe75457be5610c8cb50a61a5f062f7)

Signatures:
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
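As an added detection example (not part of this report and not the sandbox's own logic), the three signatures above can be correlated per process in Sysmon-style telemetry instead of being alerted on one at a time: Uninstall-key enumeration by itself is routine for installers and inventory agents, so on its own it is a poor alert. The event tuples, process images and wallet directory names below are constructed for the example; the two hosts come from the extracted config, where Vidar fetches its live C2 address from the Telegram channel and Steam profile pages (dead-drop resolvers) rather than embedding it.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Registry path behind the "Checks installed software" signature, in both the
# native and WOW6432Node views.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)
# Wallet directories are an assumption for this example (common stealer
# targets); the report only states that wallet files were accessed.
WALLET_PATH = re.compile(r"\\(?:Exodus|Electrum|Armory|Ethereum\\keystore)\\", re.IGNORECASE)
# Hosts from the extracted config: Vidar reads its live C2 address from pages
# hosted there rather than embedding it in the binary.
DEAD_DROP_HOSTS = {"t.me", "steamcommunity.com"}

# Constructed Sysmon-style events (pid, image, kind, target); not from the report.
SAMPLE_EVENTS = [
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "reg",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "reg",
     r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "file",
     r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "net",
     "https://t.me/travelticketshop"),
    (4120, r"C:\Users\u\AppData\Local\Temp\sample.exe", "net",
     "https://steamcommunity.com/profiles/76561199469016299"),
    # Benign noise: an installer enumerating Uninstall keys, a wallet app
    # reading its own data.
    (900, r"C:\Windows\System32\msiexec.exe", "reg",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7-Zip}"),
    (2210, r"C:\Users\u\AppData\Local\exodus\Exodus.exe", "file",
     r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
]


def classify(kind, target):
    """Return the behaviour one event evidences, or None if it is not of interest."""
    if kind == "reg" and UNINSTALL_KEY.search(target):
        return "uninstall_enum"
    if kind == "file" and WALLET_PATH.search(target):
        return "wallet_access"
    if kind == "net" and urlsplit(target).hostname in DEAD_DROP_HOSTS:
        return "dead_drop"
    return None


def correlate(events):
    """Group behaviours by pid: {pid: (image, sorted list of behaviours)}."""
    behaviours = defaultdict(set)
    images = {}
    for pid, image, kind, target in events:
        b = classify(kind, target)
        if b:
            behaviours[pid].add(b)
            images[pid] = image
    return {pid: (images[pid], sorted(bs)) for pid, bs in behaviours.items()}


def alerts(events, min_behaviours=2):
    """Alert only when one process shows several of the report's behaviours;
    Uninstall-key enumeration alone is routine and would flood a SOC."""
    return {pid: v for pid, v in correlate(events).items() if len(v[1]) >= min_behaviours}


if __name__ == "__main__":
    for pid, (image, bs) in alerts(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} image={image} behaviours={', '.join(bs)}")
```

On the constructed events only pid 4120 trips the alert, with all three behaviours; msiexec.exe and the wallet application each show a single behaviour and stay below the threshold. The dead-drop hosts are high-traffic legitimate services, so the network match is only meaningful in combination with the host-side behaviours, which is why the threshold counts distinct behaviours rather than raw event volume.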