General
-
Target
B9246A7CB0EFE77225D19FF1DC0C982A6649C9B96AB63.exe
-
Size
358KB
-
Sample
230126-yks25sfb78
-
MD5
8abfaae409bf39fee50815623157e2d1
-
SHA1
6e1f85d46a5141ad0eddc0894b4a01b65f38ce32
-
SHA256
b9246a7cb0efe77225d19ff1dc0c982a6649c9b96ab63446c80542f146929a1b
-
SHA512
7d0a331fa535dbb8df88b70e10a05b12dc7df40b20e78b3eae15d94557c95b64869f732e66d7d81cfb5e154755178dfbc652deacfc765b0eebbe9a83f2994f2c
-
SSDEEP
6144:bLsrk7LanzMJedKeChRFbjhHAFyuSwaMW3VG1Ei0w0ztkYr8qMrc:bLsrk7Gn4JtZjq8uWMWFF9z6o8n
Static task
static1
Behavioral task
behavioral1
Sample
B9246A7CB0EFE77225D19FF1DC0C982A6649C9B96AB63.exe
Resource
win7-20221111-en
Malware Config
Extracted
vidar
1.5
14
https://t.me/dahuasecurit
https://steamcommunity.com/profiles/76561199441999914
-
profile_id
14
Targets
-
-
Target
B9246A7CB0EFE77225D19FF1DC0C982A6649C9B96AB63.exe
-
Size
358KB
-
MD5
8abfaae409bf39fee50815623157e2d1
-
SHA1
6e1f85d46a5141ad0eddc0894b4a01b65f38ce32
-
SHA256
b9246a7cb0efe77225d19ff1dc0c982a6649c9b96ab63446c80542f146929a1b
-
SHA512
7d0a331fa535dbb8df88b70e10a05b12dc7df40b20e78b3eae15d94557c95b64869f732e66d7d81cfb5e154755178dfbc652deacfc765b0eebbe9a83f2994f2c
-
SSDEEP
6144:bLsrk7LanzMJedKeChRFbjhHAFyuSwaMW3VG1Ei0w0ztkYr8qMrc:bLsrk7Gn4JtZjq8uWMWFF9z6o8n
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-