General
Target: 12b053ff554ab6a4db909b0ee33f419b09f1f0f8a6612ae9773db3451e6d166a
Size: 2.0MB
Sample: 230206-17cd1sbd4w
MD5: e3ab1a19bbe6091e10550086c676e189
SHA1: 2d70248fc6fec261971b4b74c09794d55239e8f5
SHA256: 12b053ff554ab6a4db909b0ee33f419b09f1f0f8a6612ae9773db3451e6d166a
SHA512: 1ffe050189a14f9cbd1faa7390463d0ed39e8ca0270d21796017cf216539436149c82d5ce7d1b65b7661afd7a756b34cb86c6615bc7c11041a122f1c600c8b85
SSDEEP: 12288:ItI83H5skVTTE5ZhYBZ4AZa7tbsQDysckC0eh9/5z9:IpsLOBZ4oaDen
Static task: static1
Behavioral task: behavioral1
Sample: 12b053ff554ab6a4db909b0ee33f419b09f1f0f8a6612ae9773db3451e6d166a.exe
Resource: win7-20220812-en
Malware Config
Extracted
vidar
2.4
694
profile_id: 694
Targets
Target: 12b053ff554ab6a4db909b0ee33f419b09f1f0f8a6612ae9773db3451e6d166a
Loads dropped DLL
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext