General
-
Target
8abfaae409bf39fee50815623157e2d1.bin
-
Size
279KB
-
Sample
230130-xl58esdc31
-
MD5
57619b8e1243a2e6f6612f674be644c0
-
SHA1
44deb2c152438fdc49a1fc7ef43597eb7c232f21
-
SHA256
1294c5da388e8bf1ee45cce451fc0f452134f2a6660ddb88b91fddcc2663800a
-
SHA512
47978a5b497333795a261bf8481ea6e7d9efd4845b475403c060824ffeaa4339022d687578f93069ca55a3a985416404bfe48c86b07f86359c2b74d9aa5ef225
-
SSDEEP
6144:MmAfP4wTWjoxMoqSoorx0Sc4osui1em8NlGULbPbkpBEYDfE+9of:REPnSnobPrxjjFui1e/lv/DkpOYDEKG
Static task
static1
Behavioral task
behavioral1
Sample
b9246a7cb0efe77225d19ff1dc0c982a6649c9b96ab63446c80542f146929a1b.exe
Resource
win7-20221111-en
Malware Config
Extracted
vidar
1.5
14
https://t.me/dahuasecurit
https://steamcommunity.com/profiles/76561199441999914
-
profile_id
14
Targets
-
-
Target
b9246a7cb0efe77225d19ff1dc0c982a6649c9b96ab63446c80542f146929a1b.exe
-
Size
358KB
-
MD5
8abfaae409bf39fee50815623157e2d1
-
SHA1
6e1f85d46a5141ad0eddc0894b4a01b65f38ce32
-
SHA256
b9246a7cb0efe77225d19ff1dc0c982a6649c9b96ab63446c80542f146929a1b
-
SHA512
7d0a331fa535dbb8df88b70e10a05b12dc7df40b20e78b3eae15d94557c95b64869f732e66d7d81cfb5e154755178dfbc652deacfc765b0eebbe9a83f2994f2c
-
SSDEEP
6144:bLsrk7LanzMJedKeChRFbjhHAFyuSwaMW3VG1Ei0w0ztkYr8qMrc:bLsrk7Gn4JtZjq8uWMWFF9z6o8n
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-