General
-
Target
file.exe
-
Size
416KB
-
Sample
230131-s2f61sgh69
-
MD5
996a9afca7ebed4ce1ac3f22f2f8da51
-
SHA1
bebfc60a7b1fa8e493a458d15331907233f0e928
-
SHA256
a594a97b66c29d9128d7757f71650c91575f1f32033f4cc56b49e8f5e1d4cecf
-
SHA512
e50ab67d9d87f0dc801553116c2fb09320d8aa7f5041abcc79260c1de956de2c711d868b1561081beec32e0f23523226de0dff8e9df83fff11ec64006984d7f1
-
SSDEEP
6144:rkgYDLQMDGDJyzP+Bpitd5QHiIuTWuej7bwtRaamqMoI/wr8Mu:9QcLDJwyWGCIuTPGbzqME
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Extracted
vidar
2.3
813
https://t.me/mantarlars
https://steamcommunity.com/profiles/76561199474840123
-
profile_id
813
Targets
-
-
Target
file.exe
-
Size
416KB
-
MD5
996a9afca7ebed4ce1ac3f22f2f8da51
-
SHA1
bebfc60a7b1fa8e493a458d15331907233f0e928
-
SHA256
a594a97b66c29d9128d7757f71650c91575f1f32033f4cc56b49e8f5e1d4cecf
-
SHA512
e50ab67d9d87f0dc801553116c2fb09320d8aa7f5041abcc79260c1de956de2c711d868b1561081beec32e0f23523226de0dff8e9df83fff11ec64006984d7f1
-
SSDEEP
6144:rkgYDLQMDGDJyzP+Bpitd5QHiIuTWuej7bwtRaamqMoI/wr8Mu:9QcLDJwyWGCIuTPGbzqME
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-