General

Target: adb4d5bc0e359b762c9af262bcbaecd7effc14742631afdc650eb8b8feb54003
Size: 596KB
Sample: 230127-fdgreshg91
MD5: a53466fc1c01a7fa4ac637e46c8ca0cd
SHA1: 1fd22e354e8ca425a1de630bffb54e2d10435b62
SHA256: adb4d5bc0e359b762c9af262bcbaecd7effc14742631afdc650eb8b8feb54003
SHA512: 756e67a0241671a1dd7b42f5c481be79fc5f07f7a24e22abc0629d575a6f34362d4ccd35a5f6d6d831830a60495b2f25e11b205d0adcb115c8b8131895af277d
SSDEEP: 12288:PToPWBv/cpGrU3ywDwK7KvDJCbAvyDcdSCYZLYL6h:PTbBv5rUTwK78dChctYZLYL6h
Static task: static1

Malware Config

Extracted family: vidar
Version: 2.2
818
C2 URLs (Telegram/Steam profile pages used to resolve the real server):
https://t.me/litlebey
https://steamcommunity.com/profiles/76561199472399815
profile_id: 818
Targets

Target: adb4d5bc0e359b762c9af262bcbaecd7effc14742631afdc650eb8b8feb54003 (same file as in General; size, MD5, SHA1, SHA256, SHA512 and SSDEEP match the values listed above)
Signatures:
- Async RAT payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext