General
- Target: 9e053d7f64032a506a55bc67afbf5556.bin
- Size: 256KB
- Sample: 230116-1myrhshh9v
- MD5: 48fa341cd278d8c39c7bdb5297e970dc
- SHA1: 9027657d9abfd3f48a34e0bb19c2f3878bb2bd42
- SHA256: 4892d95e8c3eb2b49b440d32515aee4842935057143cef29ae7dd1d1d1aa19ca
- SHA512: 49f5536de407a47fd4ec9d2c405df0aeed9c2d8ed3d549d205b1c1f0e98de7a541ca843a70d49d9e6d6baeda0c0c5807a80b110539032be6fd3b01579e04a7ec
- SSDEEP: 6144:Vqd0RvjKggqQwiP9VHOVDJQJFqcv5n8K69gEyF6c:VvRGggDPzuVDJQJFZ5nr69gXF6c

Static task: static1

Behavioral task: behavioral1
- Sample: 5c6da74665a1d13afccd66d58dc20163744abad7cb8d20f06dfce481b6459a9d.exe
- Resource: win7-20221111-en

Malware Config
Extracted
- Family: vidar
- Version: 1.6
- Botnet: 24
- C2: https://t.me/ibommat
- C2: https://steamcommunity.com/profiles/76561199446766594
- Attributes: profile_id = 24

Targets
- Target: 5c6da74665a1d13afccd66d58dc20163744abad7cb8d20f06dfce481b6459a9d.exe
- Size: 348KB
- MD5: 9e053d7f64032a506a55bc67afbf5556
- SHA1: 4763f3511fb9041aecd7994f285d40074069ee4b
- SHA256: 5c6da74665a1d13afccd66d58dc20163744abad7cb8d20f06dfce481b6459a9d
- SHA512: 15585665d1d4b0e8699cacedcbe922aac3db6378586bd16835854dcbcd1e83474c3a73cc6389487f6c26d8aabb31d24d916b43168414c9f09eed8df939458392
- SSDEEP: 6144:OCLZhrrWU1OipsHXHFpYcFqpPHJ/QULWEGymI:DthDpsHXlpYcFgVmgm

- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.