General
Target: 9b7b45434353b99f97d33f44e225e71b9c164cd21ae56335c078cca20ae29c1d
Size: 422KB
Sample: 230206-1d62jabb9t
MD5: 0b622eb410bfb32c5fa7b45eb3c116d2
SHA1: 606d111174079e4d784e95f285805f14116e6d63
SHA256: 9b7b45434353b99f97d33f44e225e71b9c164cd21ae56335c078cca20ae29c1d
SHA512: ffc1c0caf526c598624845c4d15df2fd68309f8027373c971ed7405f1bda52e89db6b936ce11937d038c3c1a2dba4fcbc70ba8f28d8d1aa4bf4325f08a6a61c4
SSDEEP: 6144:CY4YL2UoScaKQBaPFc7rBty0MKpjZ49xAhbPuQj9Eah:CnYC5ZwOe7rBSKpjZGxIPljK
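Before trusting any of the behaviour below, confirm that the file on your bench is the same artefact the report describes. The following is an added example, not part of the sandbox report: it recomputes the four digests listed above and compares them to the report's values, and it parses the SSDEEP string into its block size and two chunk signatures, since ssdeep can only score two hashes whose block sizes are equal or differ by exactly a factor of two (anything else scores 0 whatever the content). The report's hash values are copied from the page; the sample bytes used in the test are constructed, and full ssdeep similarity scoring is left to the ssdeep library rather than reimplemented here.

```python
import hashlib
import re
from typing import Dict, Tuple

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "0b622eb410bfb32c5fa7b45eb3c116d2",
    "sha1": "606d111174079e4d784e95f285805f14116e6d63",
    "sha256": "9b7b45434353b99f97d33f44e225e71b9c164cd21ae56335c078cca20ae29c1d",
    "sha512": "ffc1c0caf526c598624845c4d15df2fd68309f8027373c971ed7405f1bda52e8"
              "9db6b936ce11937d038c3c1a2dba4fcbc70ba8f28d8d1aa4bf4325f08a6a61c4",
}
REPORT_SSDEEP = "6144:CY4YL2UoScaKQBaPFc7rBty0MKpjZ49xAhbPuQj9Eah:CnYC5ZwOe7rBSKpjZGxIPljK"


def digests(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_report_hashes(data: bytes, iocs: Dict[str, str] = REPORT_IOCS) -> Dict[str, bool]:
    """Compare every digest of `data` with the report, case-insensitively.

    One flag per algorithm is returned rather than a single boolean, so a
    mismatch in only one of them (a truncated copy, a transcription error in
    the IOC list) is visible instead of silently collapsing to False.
    """
    d = digests(data)
    return {name: d[name] == value.lower() for name, value in iocs.items()}


# ssdeep format: <block_size>:<chunk at block_size>:<chunk at 2*block_size>
_SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)$")


def parse_ssdeep(h: str) -> Tuple[int, str, str]:
    """Split an ssdeep hash into (block_size, chunk1, chunk2)."""
    m = _SSDEEP_RE.match(h)
    if not m:
        raise ValueError(f"not an ssdeep hash: {h!r}")
    return int(m.group(1)), m.group(2), m.group(3)


def ssdeep_comparable(a: str, b: str) -> bool:
    """True if ssdeep could return a non-zero score for these two hashes.

    libfuzzy compares only when the block sizes are equal or differ by
    exactly 2x; a score of 0 between hashes that fail this check says
    nothing about similarity, so check it before interpreting a 0.
    """
    ba, _, _ = parse_ssdeep(a)
    bb, _, _ = parse_ssdeep(b)
    return ba == bb or ba == 2 * bb or bb == 2 * ba


def check_file(path: str) -> Dict[str, bool]:
    """Hash a file on disk and compare it with the report's indicators."""
    with open(path, "rb") as f:
        return match_report_hashes(f.read())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, check_file(p))
```

Run it as `python check_sample.py <file>`; every flag must be True before the behavioural signatures below can be attributed to the file you hold. A 422KB file whose SHA256 matches but whose SSDEEP block size is not 6144 indicates a transcription problem in the IOC list, not a different sample, because the digests are computed over the same bytes.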
Static task: static1

Malware Config (extracted)
Family: vidar
Version: 2.4
Botnet: 19
profile_id: 19
Targets

Target: 9b7b45434353b99f97d33f44e225e71b9c164cd21ae56335c078cca20ae29c1d (size and hashes as listed under General)
Signatures

- Checks computer location settings: looks up the country code configured in the registry, most likely a geofence so the stealer can skip machines in locales it does not target.
- Loads dropped DLL: loads a DLL that the sample itself wrote to disk during the run, rather than a library already present on the system.
- Accesses cryptocurrency files/wallets, possible credential harvesting: reads files belonging to cryptocurrency wallet applications, consistent with wallet theft.
- Checks installed software on the system: enumerates subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list installed software, a common host-profiling and sandbox-detection step.
- Suspicious use of SetThreadContext: calls SetThreadContext in a way the sandbox flags as suspicious; this API is routinely used to redirect execution in process hollowing and other thread-hijacking injection.
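The five signatures above are behavioural, so they can be re-derived from any event trace (Sysmon, ETW, a sandbox JSON export) rather than taken on faith. The following is an added example, not code from the sandbox that produced this report: it evaluates each signature over a constructed list of process events and returns the report's signature names that fire. The trace, the registry paths the location and Uninstall rules key on, the wallet directory names, and the dropped-DLL logic (an image load whose path the same trace previously wrote) are all assumptions made for the example; a production rule would be tuned against the sandbox's own event schema.

```python
from typing import Dict, Iterable, List, Set

# Constructed trace in a generic event schema; not output from this sample's run.
SAMPLE_EVENTS: List[Dict] = [
    {"type": "RegQueryValue", "pid": 4120, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegEnumKey",    "pid": 4120, "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "FileWrite",     "pid": 4120, "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "ImageLoad",     "pid": 4120, "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "ImageLoad",     "pid": 4120, "path": r"C:\Windows\System32\crypt32.dll"},
    {"type": "FileRead",      "pid": 4120, "path": r"C:\Users\u\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"type": "ApiCall",       "pid": 4120, "name": "SetThreadContext", "target_pid": 5216},
]

# Assumed key/path fragments the rules match on (lowercase, backslash-normalised).
LOCATION_KEYS = ("control panel\\international\\geo",)
UNINSTALL_KEY = "software\\microsoft\\windows\\currentversion\\uninstall"
WALLET_MARKERS = ("\\electrum\\", "\\exodus\\", "\\ethereum\\keystore",
                  "\\bitcoin\\", "\\monero\\", "wallet.dat")

SIG_LOCATION = "Checks computer location settings"
SIG_DROPPED_DLL = "Loads dropped DLL"
SIG_WALLETS = "Accesses cryptocurrency files/wallets, possible credential harvesting"
SIG_INSTALLED = "Checks installed software on the system"
SIG_SETTHREADCONTEXT = "Suspicious use of SetThreadContext"


def _norm(path: str) -> str:
    """Lowercase and shorten hive names so rule fragments match either spelling."""
    return (path.lower()
            .replace("hkey_current_user", "hkcu")
            .replace("hkey_local_machine", "hklm"))


def evaluate(events: Iterable[Dict]) -> Set[str]:
    """Return the set of report signature names that fire for this trace."""
    hits: Set[str] = set()
    written: Set[str] = set()  # paths this trace has written, for the dropped-DLL rule
    for ev in events:
        kind = ev["type"]
        path = _norm(ev.get("path", ""))
        if kind in ("RegQueryValue", "RegOpenKey") and any(k in path for k in LOCATION_KEYS):
            hits.add(SIG_LOCATION)
        elif kind in ("RegEnumKey", "RegOpenKey") and UNINSTALL_KEY in path:
            hits.add(SIG_INSTALLED)
        elif kind == "FileWrite":
            written.add(path)
        elif kind == "ImageLoad" and path.endswith(".dll") and path in written:
            # Only a DLL the process itself dropped counts; system DLLs never appear in `written`.
            hits.add(SIG_DROPPED_DLL)
        elif kind == "FileRead" and any(m in path for m in WALLET_MARKERS):
            hits.add(SIG_WALLETS)
        elif (kind == "ApiCall" and ev.get("name") == "SetThreadContext"
              and ev.get("target_pid") not in (None, ev.get("pid"))):
            # Cross-process SetThreadContext is the hollowing/hijack pattern;
            # a process adjusting its own threads is not flagged.
            hits.add(SIG_SETTHREADCONTEXT)
    return hits


if __name__ == "__main__":
    for sig in sorted(evaluate(SAMPLE_EVENTS)):
        print(sig)
```

The ordering dependency in the dropped-DLL rule is the part worth keeping: a load of `helper.dll` from `%TEMP%` is only "dropped" because an earlier write to the same path exists in the same trace, which is what separates this signature from a plain "loads a DLL from a user-writable directory" heuristic.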