General

Target: e054878cfc0b894fc143dd29fe25850d.bin
Size: 258KB
Sample: 230117-jxeyqage7w
MD5: bf3c14ac862782574aa9e8c9b09a8816
SHA1: 4a80d7ffc6dccd43ebee9add05ee5d0a53a01344
SHA256: 2323da5725c3479513566747603769c50b5ca130d38fad3015d62e7fac28b7e2
SHA512: ce0756e99fed99e5c65be88d1932e770feeaf9d6b11f3c144d7f293260897eca9f197ff19d88d25632354e18c5c72255610bd99ae003d5e53129f33a0a4baebd
SSDEEP: 6144:kAFwD3tmwNjiGxKd9ZcwlHiBogstVirCdBSCgY8Av4:kAFo3tmqzsMwtZiUBSin4

Tasks

Static task: static1
Behavioral task: behavioral1
Sample: 9bf97d34d8dad642255381440c4331ee412be29d6ac7571e601ed36fc67cd43b.exe
Resource: win7-20220901-en

Malware Config

Extracted family: vidar
Version: 1.6
Profile: 24
C2 URLs:
https://t.me/ibommat
https://steamcommunity.com/profiles/76561199446766594
profile_id: 24

Targets

Target: 9bf97d34d8dad642255381440c4331ee412be29d6ac7571e601ed36fc67cd43b.exe
Size: 341KB
MD5: e054878cfc0b894fc143dd29fe25850d
SHA1: d92379413c28cced4c2933193409a227e1b3692f
SHA256: 9bf97d34d8dad642255381440c4331ee412be29d6ac7571e601ed36fc67cd43b
SHA512: f3a5550fa1b05fed077a8ed38b8f65d7d956a7f4dd3352ad433787340d53028361ffc7034157b192c30facc5173fe25627670a1d71a49c21113ea82fa85c3777
SSDEEP: 6144:PLLem0+YpmC90kOvzUQPhkEthsZiJlukYxaMyf:PXemtYpmC90n1h1tu0luk/hf

Signatures

Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely geofencing.
Loads dropped DLL
Accesses cryptocurrency files/wallets: possible credential harvesting.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.