General
Target: file.exe
Size: 3.8MB
Sample: 230201-pll6jsfa6w
MD5: d840a2c72a512dd1216b6a9d55064bdb
SHA1: 92d6ab58ac492ed6a5819663c729678d37c4a16b
SHA256: 9b7c71c299faeabcbe450a3a14da0579db63dcb86be807c1ab47389205048712
SHA512: 70174c32c37d59d044025912453e327d880ac953679237daa3b71c7b40be4011b3784c04dd418462f3023870a1a506885657e8c5b6c3ed367ee45584a4492834
SSDEEP: 24576:5zD5WoDpbTNjS0kfrdX77+p4N+WaB0+X0smhKpcE0RMfAGea1713LBpN8Xw/d:HWX77+PV0bsoKpcE0VGean3LRSg
Behavioral task
behavioral1
Sample: file.exe
Resource: win7-20221111-en

Malware Config
Extracted:
vidar
2.3
886
https://t.me/mantarlars
https://steamcommunity.com/profiles/76561199474840123
profile_id: 886
Targets
Target: file.exe
Size: 3.8MB
MD5: d840a2c72a512dd1216b6a9d55064bdb
SHA1: 92d6ab58ac492ed6a5819663c729678d37c4a16b
SHA256: 9b7c71c299faeabcbe450a3a14da0579db63dcb86be807c1ab47389205048712
SHA512: 70174c32c37d59d044025912453e327d880ac953679237daa3b71c7b40be4011b3784c04dd418462f3023870a1a506885657e8c5b6c3ed367ee45584a4492834
SSDEEP: 24576:5zD5WoDpbTNjS0kfrdX77+p4N+WaB0+X0smhKpcE0RMfAGea1713LBpN8Xw/d:HWX77+PV0bsoKpcE0VGean3LRSg

.NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext