General
Target: Application_debloated.exe
Size: 3.8MB
Sample: 230207-vs9hbach48
MD5: 29d8b6368c5a7b9fec94b107baaa7329
SHA1: e5186b8a1c4b0b9b8cefe699e80e5554cd6a0546
SHA256: c08e2ca15e8534820ef3b1241054cbdb4a62a2cd56f21a153695554f5a79b783
SHA512: f9c7d9813d64764369baa4bc8af7cd85b4cb4523ee156d41f9cbc75d2e04ec4bac2040a14ebf7b56e883c8d5b795f620ff5d8a9aa9fbfce7e8eff38417684eab
SSDEEP: 98304:I2Gp2qVeoJAYyFClDOSAJBZO+os/ATYCVN/4AINYYh3yQdS:wlrJAY55OnT6sNC/45Nxzd
Static task: static1
Behavioral task: behavioral1
Sample: Application_debloated.exe
Resource: win7-20220901-en
Malware Config
Extracted: vidar 2.3 (profile_id 408)
URLs:
- https://t.me/mantarlars
- https://steamcommunity.com/profiles/76561199474840123
Targets
Target: Application_debloated.exe
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext