General
Target: AdobePhotoshop2023.rar
Size: 6.7MB
Sample: 230205-yy9l2seb2y
MD5: 469bb8c671d4f722fb28b3a05b4e5f61
SHA1: 9d64dc26dcdf2159bac87f5d91c6622f2fd6dea0
SHA256: b2879f9a1efa66ad099fd1d3efa7caabfdcbe785b296816f3e06d84afbcf9128
SHA512: abcd98547bfe256652e5ee87013c04ca62af6c61e460e5cb602502b56b57508fe99a71c7baa3403ae0b112578b89839209f79beec4c6829b335f4053d5543601
SSDEEP: 196608:LgBLBa37iWqrU/DnDR41mwXACKbSYcUgOLWMiPx+N:yBADqwjD610dbRgOLsxw
Static task: static1
Behavioral task: behavioral1
Sample: AdobePhotoshop2023.exe
Resource: win7-20220901-en
Malware Config
Extracted
vidar
2.3
408
https://t.me/mantarlars
https://steamcommunity.com/profiles/76561199474840123
profile_id: 408
Targets
Target: AdobePhotoshop2023.exe
Size: 761.7MB
MD5: 8467cac7efc8e21527b063e55a324dfc
SHA1: 8b023d467c51d67bf962692f09a2bcbe85e6bbf9
SHA256: 3a03dfba23ff1e3c345a77eb7691ea21a5994d1918800c1d9aeed0efd1626602
SHA512: 259defa1fcb9a7c6c7d7635db5b1a351884d350adf6bbb68d7367e353fbedc0f3c4e656b0912a74dc3ce054e6cdf36265a0ee49fa19aca0e0e7f04b761b801a3
SSDEEP: 12288:ZdyG7eqXwOR4eXccvuOq4KvEdj49lik1CAZjWthFoTmi:VyeR4jMujbMdk9TCAZjWthFY
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext