General
Target: FlStudio20.9.2.rar
Size: 10.3MB
Sample: 230201-1s8tnsee4z
MD5: 17122567d07d08eea01304c741278018
SHA1: 8f41515cf81e5b3011e5462dff5779c28c7e0ddb
SHA256: ce8686036516da3a149882c1c99e0a5b3a3ea86e75ce76fde7d1ccd91f31f13b
SHA512: 62f3596b68bde9ca68b2e53a8cfea37c5df3af44bb249587fc6a938b4c8ddb2d1848ee09b1f437acff4b035357c918309c54d3fadb09360c618321d336bdd302
SSDEEP: 196608:oBbUj4hNgFQnMVXkC13OcKBwJzeXmxlSHJiTeGR9Y8LI0J3KqZLxD7HU:o6j4hSXTFKBUze0oiT9M+nZLxn0
Static task: static1
Behavioral task: behavioral1
Sample: FlStudio20.9.2.exe
Resource: win10-20220812-en
Malware Config
Extracted
vidar
2.3
408
https://t.me/mantarlars
https://steamcommunity.com/profiles/76561199474840123
profile_id: 408
Targets
Target: FlStudio20.9.2.exe
Size: 761.7MB
MD5: 3c578b92dd23970e9bb0f5a8f597e8c8
SHA1: 0a21b23ae9033bfaea50bb016d796edf788490a3
SHA256: 63587837ea2475b2541975621dcb10d047dab0cec92de4151e45a102a7285f82
SHA512: 2796ff58f93f5e007489f8e466856aeb7198dd36b2a1361284a095a184076c5b8c9386104dc8edd02c1d4d0ff69de73e65280f3c7440582f46af703f5a3efbd8
SSDEEP: 98304:CH4fK48pBU2d8uabhLbJVzwI06P8sa4lGOgLjK9L:geBjzw56xa4lGOgvq
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext